General

- Target: 6a89e452b93f558bf1afb01bd642423170c990381ddc6f06f294920c539d8010
- Size: 479KB
- Sample: 230508-wztacacb33
- MD5: 024ad2fa73655bf3705095f8791f7a08
- SHA1: babc4ce84bbbeddbae89593864192b4c74136d32
- SHA256: 6a89e452b93f558bf1afb01bd642423170c990381ddc6f06f294920c539d8010
- SHA512: 4c9083ae366df428bafc4a0726e6891ceeed66479c909cdae82ab9d61f78faa183050c54ab476a8e241b419a5218cb354576794cd53a6b5915e86d4b7d2e5cab
- SSDEEP: 12288:BMrZy90GEiR/eKMQbEI/WKH37O0xjpCYFvHos1v9:8yX9/WKX7Oe9ZZ1v9
Tasks

- Static task: static1
- Behavioral task: behavioral1
- Sample: 6a89e452b93f558bf1afb01bd642423170c990381ddc6f06f294920c539d8010.exe
- Resource: win10v2004-20230220-en
Malware Config (extracted)

- Family: redline
- Botnet: maher
- C2: 217.196.96.101:4132
- auth_value: c57763165f68aabcf4874e661a1ffbac
Targets
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.