General
- Target: 1a0e718e2ba049328c41fdefcbd2ab18c5bb4f69e55d4eb50f0e1f5ac036e5c1
- Size: 480KB
- Sample: 230507-tda6jafb43
- MD5: b89aa219b3f9b9dfd9c8fab9fbbf7f23
- SHA1: 04e123062338e8d0495e53b415a9accb6d8f5eb5
- SHA256: 1a0e718e2ba049328c41fdefcbd2ab18c5bb4f69e55d4eb50f0e1f5ac036e5c1
- SHA512: 4216a1f8f831c68073be8d27bd5365305c36a5a562c414272ba6680448f7c810cbd865bd53ddf95dec6ae2f77fe722254c90ad233e199828de1d84e8a8c3cac2
- SSDEEP: 12288:jMrFy90f9GWlFM2Ual/PzVFMvxL7wOLXf:iyy9TlYahzodwOTf
Static task: static1
Behavioral task: behavioral1
- Sample: 1a0e718e2ba049328c41fdefcbd2ab18c5bb4f69e55d4eb50f0e1f5ac036e5c1.exe
- Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
- misfa
- 217.196.96.101:4132
- auth_value: be2e6d9f1a5e54a81340947b20e561c1
Targets
- Target: 1a0e718e2ba049328c41fdefcbd2ab18c5bb4f69e55d4eb50f0e1f5ac036e5c1
- Size: 480KB
- MD5: b89aa219b3f9b9dfd9c8fab9fbbf7f23
- SHA1: 04e123062338e8d0495e53b415a9accb6d8f5eb5
- SHA256: 1a0e718e2ba049328c41fdefcbd2ab18c5bb4f69e55d4eb50f0e1f5ac036e5c1
- SHA512: 4216a1f8f831c68073be8d27bd5365305c36a5a562c414272ba6680448f7c810cbd865bd53ddf95dec6ae2f77fe722254c90ad233e199828de1d84e8a8c3cac2
- SSDEEP: 12288:jMrFy90f9GWlFM2Ual/PzVFMvxL7wOLXf:iyy9TlYahzodwOTf

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.