General
- Target: 290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c
- Size: 480KB
- Sample: 230508-ymw7ksce37
- MD5: aa66098e9f891d6c13053e7170c0b323
- SHA1: 94a442f3b1445151e7b658f35a9ff0b27b7e658a
- SHA256: 290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c
- SHA512: 6d88c3e1dace0c74e64b82a46b0d25bf8973136001589d6379e7034b7956a37b03087906d2634468e452bbc04aa7fa07b6cd7fc80077f145f40c5753d921d39a
- SSDEEP: 12288:IMrXy90Mw67SLPr6S9XjqOG7INlfAI3WRaqAFlNR:PyxO+S9RfNlfA8WRt2T
Static task: static1
Behavioral task: behavioral1
- Sample: 290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- mihan
- 217.196.96.101:4132
- auth_value: 9a6a8fdae02ed7caa0a49a6ddc6d4520
Targets
- Target: 290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c (480KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.