General
Target: 1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105
Size: 479KB
Sample: 230508-r2ykmach51
MD5: f13b39973f62ca987a9e8e421111d32e
SHA1: eac1df88a4276b05ab9b3ed8aec85d2b1caf4ecc
SHA256: 1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105
SHA512: bf44badbf34e5a187468cdcff48915b297fc580ae19776fb118e58f8c12e488dd9c3186f877e339411794a3518d3a31583f0ea8869d61b4dbcf715829aff8b54
SSDEEP: 6144:Kzy+bnr++p0yN90QE43ZkNzeWE1l6OlD+Q/uiZIU88F+zcCXkWPYaeg1rgwXw6b:pMruy90Zg6zEIU88F+YEGs1hLb
Static task: static1
Behavioral task: behavioral1
Sample: 1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: dona
C2: 217.196.96.101:4132
auth_value: 9fbb198992bbc83a84ab1f21384813e3
Targets
Target: 1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105
Size: 479KB
MD5: f13b39973f62ca987a9e8e421111d32e
SHA1: eac1df88a4276b05ab9b3ed8aec85d2b1caf4ecc
SHA256: 1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105
SHA512: bf44badbf34e5a187468cdcff48915b297fc580ae19776fb118e58f8c12e488dd9c3186f877e339411794a3518d3a31583f0ea8869d61b4dbcf715829aff8b54
SSDEEP: 6144:Kzy+bnr++p0yN90QE43ZkNzeWE1l6OlD+Q/uiZIU88F+zcCXkWPYaeg1rgwXw6b:pMruy90Zg6zEIU88F+YEGs1hLb
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check: the sample can decide whether to run based on the configured country.

Executes dropped EXE
Runs an executable that the sample itself wrote to disk.

Loads dropped DLL
Loads a DLL that the sample itself wrote to disk.

Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the application is started again at logon.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
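As an added example (not code from the tria.ge report, and not RedLine's own code), the script below turns the report's extracted config (the C2 217.196.96.101:4132 and the sample's SHA256) and its registry-based signatures (country-code lookup, Run key persistence, Uninstall enumeration) into detection logic and runs it over constructed Sysmon-style events. The event format, the field names, the registry paths tied to each signature, the enumeration threshold and the sample event lines are all assumptions of the example.

```python
"""Added example, not part of the tria.ge report or of RedLine itself: turn the
report's extracted config and behavioural signatures into detection logic and
run it over constructed Sysmon-style events.  The event format ('kind k=v ...'),
the field names and the sample lines are this example's own assumptions."""
import re
from collections import defaultdict

# Indicators copied from the report above.
C2_HOST, C2_PORT = "217.196.96.101", 4132
SAMPLE_SHA256 = "1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105"

# Registry locations behind the report's registry-based signatures.  These are
# the standard Windows paths; tying them to the signature names is an assumption.
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
GEO_KEYS = ("\\control panel\\international\\geo\\nation",
            "\\control panel\\international\\geo\\name")
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
UNINSTALL_MIN_SUBKEYS = 3   # one lookup is routine; several distinct ones is enumeration

FIELD_RE = re.compile(r"(\w+)=(.+?)(?=\s+\w+=|$)")   # k=v pairs; values may contain spaces

def parse_event(line):
    """'kind k1=v1 k2=v2 ...' -> (kind, {k1: v1, ...})."""
    kind, _, rest = line.strip().partition(" ")
    return kind, dict(FIELD_RE.findall(rest))

def analyze(log_text):
    """Return sorted (rule, image) findings for a block of event lines."""
    findings = set()
    uninstall_subkeys = defaultdict(set)   # image -> distinct Uninstall subkeys read
    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, f = parse_event(line)
        image = f.get("image", "?")
        key = f.get("key", "").lower()
        if kind == "process" and f.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.add(("known_redline_sample_hash", image))
        elif kind == "net" and f.get("dst") == C2_HOST and int(f.get("dport", 0)) == C2_PORT:
            findings.add(("redline_c2_connection", image))
        elif kind == "regset" and any(k in key for k in RUN_KEYS):
            findings.add(("run_key_persistence", image))
        elif kind == "regquery" and key.endswith(GEO_KEYS):
            findings.add(("country_code_lookup_geofence", image))
        elif kind == "regquery" and UNINSTALL_KEY in key:
            uninstall_subkeys[image].add(key.split(UNINSTALL_KEY, 1)[1])
    # Enumeration is a pattern across events, so it is decided after the loop.
    for image, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_MIN_SUBKEYS:
            findings.add(("installed_software_enumeration", image))
    return sorted(findings)

# Constructed events: what the report's behaviours would look like on a host, plus
# benign noise (one Uninstall lookup by explorer.exe, an unrelated HTTPS connection).
SAMPLE_IMAGE = r"C:\Users\victim\AppData\Local\Temp\1b5c1227f68c.exe"
SAMPLE_EVENTS = rf"""
process image={SAMPLE_IMAGE} sha256={SAMPLE_SHA256}
regquery image={SAMPLE_IMAGE} key=HKCU\Control Panel\International\Geo\Nation
regquery image={SAMPLE_IMAGE} key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
regquery image={SAMPLE_IMAGE} key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regquery image={SAMPLE_IMAGE} key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
regset image={SAMPLE_IMAGE} key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater value=C:\Users\victim\AppData\Roaming\svchost.exe
net image={SAMPLE_IMAGE} dst=217.196.96.101 dport=4132
regquery image=C:\Windows\explorer.exe key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
net image=C:\Program Files\Mozilla Firefox\firefox.exe dst=93.184.216.34 dport=443
"""

if __name__ == "__main__":
    for rule, image in analyze(SAMPLE_EVENTS):
        print(f"{rule:32} {image}")
```

Running the script lists five findings, all attributed to the sample's image; the single Uninstall lookup by explorer.exe and the unrelated HTTPS connection produce none. The hash and the C2 address are the most perishable indicators (a repacked build or a moved server defeats both), while the three registry behaviours hold across builds, so they are the rules worth keeping in production. The auth_value from the extracted config is part of the sample's embedded configuration rather than something a process or registry event exposes, so it is not used in host-side rules here.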