General
Target: 4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e
Size: 479KB
Sample: 230508-z5zk4acg63
MD5: c099511b05a276739e6854d5f927854f
SHA1: 61191387fb320ce9153769cb405f4b61c443cbe5
SHA256: 4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e
SHA512: 8511a71c48eda1b5305fc626a68931371489f3c1b1839c269b4dc3ee9f2d89d2ab49c2834c53b306bf61ff68e27f461b257d7fc526bdec93c5b38c09a616f53d
SSDEEP: 6144:Kly+bnr+Ap0yN90QEq4dQhlaZglvafwstPxQxsz6lGRoYy1f2Lw4Pd8s+3ZYL:LMrIy9044AlWCvJstSi2VQv9O2
Static task: static1
Behavioral task: behavioral1
Sample: 4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: dumud
C2: 217.196.96.101:4132
auth_value: 3e18d4b90418aa3e78d8822e87c62f5c
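The extracted config above gives the three values an analyst actually pivots on: the C2 socket, the botnet name (RedLine's campaign/ID field) and the auth_value. The script below, an added example and not tria.ge or RedLine code, turns the C2 tuple into a hunting query over a constructed Zeek-style conn.log and into a minimal Suricata rule. The log lines, the Zeek column subset, the internal addresses and the sid are all constructed for the example; the C2 host and port are copied from the config on this page.

```python
"""
Hunt for the RedLine C2 from the config extracted above in a Zeek-style
conn.log and emit a Suricata rule for it.  Added example, not tria.ge
code; log lines and the sid are constructed.
"""
import ipaddress
from typing import Iterator, Tuple

# Values copied from the config extracted on this page.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "dumud",
    "c2": "217.196.96.101:4132",
    "auth_value": "3e18d4b90418aa3e78d8822e87c62f5c",
}

# Constructed sample log.  Columns are a subset of Zeek conn.log fields:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, conn_state.
SAMPLE_CONN_LOG = """\
1683550000.101\tCq1\t10.0.0.15\t49812\t217.196.96.101\t4132\ttcp\tSF
1683550001.223\tCq2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp\tSF
1683550002.540\tCq3\t10.0.0.22\t50211\t217.196.96.101\t4132\ttcp\tS0
1683550003.010\tCq4\t10.0.0.22\t50212\t217.196.96.101\t80\ttcp\tSF
"""


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split host:port and insist the host is an IP literal, as in this config."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError for a hostname
    return host, int(port)


def iter_conn_log(text: str) -> Iterator[dict]:
    """Yield one dict per non-comment line of the tab-separated log."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto, state = line.split("\t")
        yield {"ts": ts, "uid": uid, "orig_h": orig_h, "orig_p": int(orig_p),
               "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto,
               "state": state}


def find_c2_beacons(config: dict, log_text: str) -> list:
    """Return connections to the configured C2 host AND port.

    The port is part of the extracted config, so it is matched exactly; a
    connection to the same IP on another port (Cq4 above) is a weaker signal
    and is deliberately left for a separate, lower-confidence query.
    """
    host, port = parse_c2(config["c2"])
    return [c for c in iter_conn_log(log_text)
            if c["resp_h"] == host and c["resp_p"] == port and c["proto"] == "tcp"]


def suricata_rule(config: dict, sid: int) -> str:
    """Minimal Suricata rule for the C2 tuple; sid is a local choice."""
    host, port = parse_c2(config["c2"])
    msg = f'{config["family"]} C2 botnet {config["botnet"]}'
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in find_c2_beacons(REDLINE_CONFIG, SAMPLE_CONN_LOG):
        print(f"{hit['uid']}: {hit['orig_h']}:{hit['orig_p']} -> "
              f"{hit['resp_h']}:{hit['resp_p']} ({hit['state']})")
    print(suricata_rule(REDLINE_CONFIG, 1000001))
```

Infrastructure rotates, so treat the IP:port as a short-lived indicator; the botnet name and auth_value from the same config are the values to compare across other RedLine reports when clustering samples.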
Targets
Target: 4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e (the same 479KB file, with identical hashes, listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
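Of the signatures above, only "Adds Run key to start application" leaves a write in the registry; the geofence lookup and the Uninstall-key enumeration are reads, which Sysmon's RegistryEvent does not record, so they need a different telemetry source (or the sandbox report itself). The detection below, an added example and not tria.ge's signature logic, scores constructed Sysmon Event ID 13 (value set) records for Run-key persistence. The event records, process paths and value names are constructed; the Run/RunOnce key locations and the Sysmon field names (Image, TargetObject, Details) are the standard ones.

```python
"""
Score Sysmon Event ID 13 (RegistryEvent: value set) records for Run-key
persistence of the kind the sandbox flagged above.  Added example, not
tria.ge code; the events below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Standard autorun key locations (HKLM or HKU/HKCU hives).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices)\\",
    re.IGNORECASE)

# Value data or writer image under a user-writable directory is the usual
# shape of dropper persistence; a Run entry under Program Files is low signal.
SUSPICIOUS_PATH_RE = re.compile(
    r"(\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\|\\Public\\)",
    re.IGNORECASE)


@dataclass
class RegistryEvent:
    event_id: int        # 12 = key create/delete, 13 = value set
    image: str           # process that performed the write
    target_object: str   # full registry path of the value
    details: str         # value data as Sysmon renders it


# Constructed records mirroring Sysmon EventData field names.
SAMPLE_EVENTS = [
    RegistryEvent(13, r"C:\Windows\explorer.exe",
                  r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
                  "DWORD (0x00000001)"),
    RegistryEvent(13, r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
                  r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
                  r"C:\Users\victim\AppData\Roaming\updater.exe"),
    RegistryEvent(13, r"C:\Program Files\Vendor\setup.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
                  r"C:\Program Files\Vendor\tray.exe"),
    # Key creation (ID 12) for the same path: no value data, not scored here.
    RegistryEvent(12, r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
                  r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
                  ""),
]


def score_run_key_event(ev: RegistryEvent) -> Optional[Tuple[str, List[str]]]:
    """Return (severity, reasons) for a Run-key value set, else None."""
    if ev.event_id != 13 or not RUN_KEY_RE.search(ev.target_object):
        return None
    reasons = ["run key value set"]
    if SUSPICIOUS_PATH_RE.search(ev.details):
        reasons.append("value points to user-writable path")
    if SUSPICIOUS_PATH_RE.search(ev.image):
        reasons.append("writer runs from user-writable path")
    severity = "high" if len(reasons) >= 2 else "low"
    return severity, reasons


def detect(events: List[RegistryEvent]) -> List[Tuple[str, str, List[str]]]:
    """Run the scorer over a batch; returns (severity, target, reasons)."""
    hits = []
    for ev in events:
        result = score_run_key_event(ev)
        if result is not None:
            hits.append((result[0], ev.target_object, result[1]))
    return hits


if __name__ == "__main__":
    for sev, target, reasons in detect(SAMPLE_EVENTS):
        print(sev.upper(), target, "; ".join(reasons))
```

The low-severity hit is kept rather than dropped: legitimate installers write Run keys too, and the value of the rule is in the combination with the dropped-EXE and dropped-DLL behaviour the same report lists, not in any single registry write.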