General
- Target: 18d0b1d3bc3368f7a23786adf37c128c85e7105cd7866049dbc1402f975e0deb
- Size: 479KB
- Sample: 230508-qxbdvscf5x
- MD5: 0ad2beb37e5ae872f56fb37b496cec33
- SHA1: 7a7aca0b587d4a51786f932f0fe08935d608ce88
- SHA256: 18d0b1d3bc3368f7a23786adf37c128c85e7105cd7866049dbc1402f975e0deb
- SHA512: 2e6513ed4e161de57862b21e6358b3d3b3e7f20fe8fd0083f8d77e953548078728b2752b594bfd3b9d3d3b271e2aed0057d9336c5be1e469464763771802da54
- SSDEEP: 12288:JMruy90cJq+d8dnSnLEQUgaOUi74WI95LjVP:/ypeSnLEZg+iQ5LRP
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 18d0b1d3bc3368f7a23786adf37c128c85e7105cd7866049dbc1402f975e0deb.exe
- Resource: win10v2004-20230220-en
Malware Config (extracted)
- Family: redline
- Botnet: dona
- C2: 217.196.96.101:4132
- auth_value: 9fbb198992bbc83a84ab1f21384813e3
Targets
- Target: 18d0b1d3bc3368f7a23786adf37c128c85e7105cd7866049dbc1402f975e0deb (479KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.