General
Target: e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83
Size: 786KB
Sample: 230616-efhk3acf97
MD5: 02bd5d70ce9f3cb0587b976d402e628b
SHA1: 747dd3637977dd48be360edb8d77184b8a7cbf7b
SHA256: e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83
SHA512: 4d4457040890463ba7bb548a28efa7875b4a5e517e5447ac622095d9153d88294dfbc10d91c12e5a6f67077a8064e191a0aeb3d9786c5c84e5fd44c8fd6ff6f6
SSDEEP: 24576:7yR2gWG/vY0iy6Kc4WxekYYLP/bxsPpGPzCbi:uR2g//vP6Kcrqhy2b
Static task: static1

Malware Config
Extracted: redline
  joker
  83.97.73.130:19061
  auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Extracted: redline
  mana
  83.97.73.130:19061
  auth_value: 4f5139d6c845fe72d05faf05763b6c31
Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
Targets
Target: e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83 (786KB; same file and hashes as listed under General above)
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.