General
- Target: c39bcda1643a9b9a4dad0bb7e3a8c66df8865619a3e3d1212aa61effdf3a4c7c
- Size: 479KB
- Sample: 230508-bptg5sgd94
- MD5: b9a20ab11cf1128391d6809d2199e159
- SHA1: b91ed9a3a63ed3b4619ce71a99170dd3d028d89e
- SHA256: c39bcda1643a9b9a4dad0bb7e3a8c66df8865619a3e3d1212aa61effdf3a4c7c
- SHA512: fc2c4430fe90e220ef8466f6202fa054f3dcc5fe149e71dacf47cfa231d7d94a1038114fa71256a0921554b7cbbbce40a887e2d6aab2d90bf23facb9b44dfe56
- SSDEEP: 12288:rMrky90+0ttarh2oa1bH/0cuMF2MkyvtYu/HZlGoo0dudHoL:PyNAtarpQvtr2oL
Static task: static1
Behavioral task: behavioral1
- Sample: c39bcda1643a9b9a4dad0bb7e3a8c66df8865619a3e3d1212aa61effdf3a4c7c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: morty
- C2: 217.196.96.101:4132
- Attributes:
  - auth_value: fe1a24c211cc8e5bf9ff11c737ce0e97
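As an added example, not part of the tria.ge report, the following Python turns the extracted config into something a responder can act on: it matches the C2 endpoint above against Zeek-style conn.log lines and checks a file's bytes against the sample's SHA256. The log excerpt is constructed, and the seven-column export format is an assumption.

```python
"""Hunt for the extracted RedLine C2 in Zeek-style conn.log lines and verify a file hash.

Added example, not part of the tria.ge report. The log excerpt is constructed.
"""
import hashlib
import ipaddress

# IOCs taken from the extracted config and hash list above.
C2_HOST = "217.196.96.101"
C2_PORT = 4132
SAMPLE_SHA256 = "c39bcda1643a9b9a4dad0bb7e3a8c66df8865619a3e3d1212aa61effdf3a4c7c"

# Constructed conn.log excerpt, tab-separated with the column subset
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto (assumed export format).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1683527450.123\tCabc1\t10.0.0.15\t49812\t142.250.74.46\t443\ttcp
1683527461.456\tCabc2\t10.0.0.15\t49820\t217.196.96.101\t4132\ttcp
1683527470.789\tCabc3\t10.0.0.22\t51000\t217.196.96.101\t443\ttcp
1683527480.012\tCabc4\t10.0.0.15\t49833\t217.196.96.101\t4132\ttcp
"""


def parse_conn_line(line):
    """Turn one tab-separated conn.log record into a dict; return None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
    try:
        return {"ts": float(ts), "uid": uid, "orig_h": orig_h, "orig_p": int(orig_p),
                "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto}
    except ValueError:
        return None


def find_c2_connections(log_text, c2_host=C2_HOST, c2_port=C2_PORT):
    """Split hits into exact host:port matches and host-only matches.

    The config gives a bare host:port, so a connection to the same host on
    another port is worth a look but is not by itself a confirmed beacon.
    """
    target = ipaddress.ip_address(c2_host)
    exact, host_only = [], []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = parse_conn_line(line)
        if rec is None:
            continue
        try:
            resp = ipaddress.ip_address(rec["resp_h"])
        except ValueError:
            continue
        if resp == target:
            (exact if rec["resp_p"] == c2_port else host_only).append(rec)
    return exact, host_only


def affected_hosts(log_text):
    """Internal hosts that completed an exact C2 host:port connection, deduplicated."""
    exact, _ = find_c2_connections(log_text)
    return sorted({rec["orig_h"] for rec in exact})


def sha256_matches(data, expected=SAMPLE_SHA256):
    """Compare a file's bytes against the report's SHA256 (case-insensitive hex)."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


if __name__ == "__main__":
    exact, host_only = find_c2_connections(SAMPLE_CONN_LOG)
    print("exact C2 hits:", [r["uid"] for r in exact])
    print("same host, other port:", [r["uid"] for r in host_only])
    print("hosts to triage:", affected_hosts(SAMPLE_CONN_LOG))
```

Feed the functions a real conn.log (or any log reduced to the same seven columns) and the exact-match list is the set of beacons to pivot on; the host-only list is there so a port change by the operator does not disappear silently.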
Targets
- Target: c39bcda1643a9b9a4dad0bb7e3a8c66df8865619a3e3d1212aa61effdf3a4c7c (479KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
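As an added example, not code from the report or from RedLine itself, the following Python triages a `reg query` export of the HKCU Run key for the kind of persistence entry that "Adds Run key to start application" and "Executes dropped EXE" describe together. The reg query output, value names and paths are constructed, and the two heuristics (executable launched from a Temp directory; Windows system-binary name used outside the Windows directory) are general triage rules, not behaviour the report attributes to this sample.

```python
"""Flag suspicious autostart entries in a 'reg query' export of the HKCU Run key.

Added example, not from the tria.ge report. The reg query output below is constructed.
"""
import ntpath
import re

# Names that should only ever run from under C:\Windows; a copy elsewhere is a masquerade.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "rundll32.exe"}

# Constructed output of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Local\Temp\a1b2c3\svchost.exe
    Steam       REG_SZ    "C:\Program Files (x86)\Steam\steam.exe" -silent
"""

# reg query prints value lines as: <indent><name><2+ spaces><type><2+ spaces><data>
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_SZ|REG_EXPAND_SZ)\s{2,}(.*\S)\s*$")


def parse_reg_query(text):
    """Return the string values of the key as dicts with name, type and command."""
    entries = []
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            entries.append({"name": m.group(1), "type": m.group(2), "command": m.group(3)})
    return entries


def command_executable(command):
    """Pull the executable path out of a Run-key command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def suspicious_reasons(exe_path):
    """Heuristics that make an autostart executable worth pulling for analysis."""
    reasons = []
    lowered = exe_path.lower().replace("/", "\\")
    base = ntpath.basename(lowered)
    if "\\temp\\" in lowered or "\\tmp\\" in lowered:
        reasons.append("executes from a Temp directory")
    if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in lowered:
        reasons.append("uses a Windows system binary name outside the Windows directory")
    return reasons


def flag_autostart_entries(text):
    """Parse a reg query export and return only the entries that trip a heuristic."""
    findings = []
    for entry in parse_reg_query(text):
        exe = command_executable(entry["command"])
        reasons = suspicious_reasons(exe)
        if reasons:
            findings.append({"name": entry["name"], "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_autostart_entries(SAMPLE_REG_QUERY):
        print(f'{finding["name"]}: {finding["exe"]}')
        for reason in finding["reasons"]:
            print("  -", reason)
```

Legitimate software such as OneDrive also autostarts from under AppData, which is why the rules key on Temp and on system-binary masquerading rather than on "user-writable path" alone; extend `SYSTEM_BINARY_NAMES` and the path tests to match what your environment considers normal, and hash whatever the function returns against the report's values.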