General
Target: bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b
Size: 801KB
Sample: 230616-kt178aea92
MD5: a5526238e78f6e7e9463f06448dd210a
SHA1: 926e75fee8c64cbdc2c20be74eec713f2cdc2fde
SHA256: bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b
SHA512: 539b1c221a16de23eed19b6ab8f656ce502d65711178d9c157945f52fb2bc3a5ea9f6598e3cb0f685b9d95b3b48ac967288b597eda8cf476dba561efedfeb488
SSDEEP: 24576:4yqupAOP4UhyTMY4w6hiZaG64O0F0EZul:/NivUhIMRdhId7k
Static task: static1
Malware Config
Extracted: redline (joker)
  83.97.73.130:19061
  auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Extracted: redline (mana)
  83.97.73.130:19061
  auth_value: 4f5139d6c845fe72d05faf05763b6c31
Extracted: amadey (3.84)
  77.91.68.63/doma/net/index.php
Targets
Target: bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.