General
- Target: file.exe
- Size: 713KB
- Sample: 221127-qlm9aaag55
- MD5: 218bfce507db9c76efc9dd6eaddf0bcc
- SHA1: 09c9950fdc86ba54a3ca490ac64156bc18584e13
- SHA256: 4585d6740fbbe09a00a94762ea7d682e51cd58edf64770b96a62bfdef55fc774
- SHA512: add729ce2d0e251be3d2b20b4c0629728bf0bf8e1ddf571bf4aa68fc4a79d7fe8c488418f562bf4521809c195492edef9857407173f95dce2433e10cd36c975d
- SSDEEP: 6144:iVsSb8zPezouceyIhWRDuD2A4YZGcDXW8jOD/gSDgag6/lkw3RRxxNjfOBzxIL:YsQz1ZyFRi2AzW77gSD1WwN
Static task
- static1
Behavioral task
- behavioral1: Sample file.exe, Resource win7-20220901-en
Behavioral task
- behavioral2: Sample file.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
- redline
- LogsCloud
- 151.80.89.227:45878
- auth_value: 3122c177d4109932092e46f83a2e0f2f
Targets
- Target: file.exe
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Uses the VBS compiler for execution
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Suspicious use of SetThreadContext