General
Target: c469d44db841c9a543f5ad8bd8259a7123be7a898f8436877ae7cf3561b2a772
Size: 481KB
Sample: 230509-djzhbaea69
MD5: 270408e86e994c882c4ec4adfac44e6e
SHA1: f8b2af0e4ab4bd17d8dced07e584e895053d90bc
SHA256: c469d44db841c9a543f5ad8bd8259a7123be7a898f8436877ae7cf3561b2a772
SHA512: c53b256630be15e7c1132833bb1acac6610ed1b21fa526ed0b14b24dee63e1f327f76bfc7e162389bc0fd2ca02a6cad771b43c4408bca5d605e3688bd2930825
SSDEEP: 12288:7Mrjy90xe2MZ8YrZ3x6x8efAVKOLiPLf:gyyY8Wx6TsKO+PLf
Static task: static1
Behavioral task: behavioral1
Sample: c469d44db841c9a543f5ad8bd8259a7123be7a898f8436877ae7cf3561b2a772.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mihan
C2: 217.196.96.101:4132
auth_value: 9a6a8fdae02ed7caa0a49a6ddc6d4520
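The extracted configuration and the file hashes above are the indicators a responder would sweep an estate for. The following is an added example (not part of the tria.ge report) that loads those indicators and matches them against local evidence; the file records and the connection-log lines are constructed for illustration, and the `dst=ip:port` log format is an assumption rather than any particular product's output.

```python
"""Match the IOCs from this Triage report against local evidence.

Added example, not part of the tria.ge report. The hashes and the C2
endpoint are copied from the report; FILE_RECORDS and CONN_LOG are
constructed sample data in an assumed, simplified format.
"""
import re

# IOCs copied from the report (General and Malware Config sections).
REPORT_HASHES = {
    "md5": "270408e86e994c882c4ec4adfac44e6e",
    "sha1": "f8b2af0e4ab4bd17d8dced07e584e895053d90bc",
    "sha256": "c469d44db841c9a543f5ad8bd8259a7123be7a898f8436877ae7cf3561b2a772",
}
C2_HOST, C2_PORT = "217.196.96.101", 4132

# Constructed file inventory (e.g. output of a hashing sweep); tools often
# emit upper-case hex, so matching must be case-insensitive.
FILE_RECORDS = [
    {"path": r"C:\Users\alice\Downloads\setup.exe",
     "sha256": "C469D44DB841C9A543F5AD8BD8259A7123BE7A898F8436877AE7CF3561B2A772"},
    {"path": r"C:\Windows\System32\notepad.exe",
     "sha256": "0" * 64},
    {"path": r"C:\Users\bob\AppData\Local\Temp\x.exe",
     "md5": "270408E86E994C882C4EC4ADFAC44E6E"},
]

# Constructed connection log (assumed key=value format, not a real product's).
CONN_LOG = """\
2023-05-09T10:01:12Z src=10.0.0.12:49812 dst=217.196.96.101:4132 proto=tcp bytes=18432
2023-05-09T10:01:15Z src=10.0.0.12:49813 dst=142.250.74.78:443 proto=tcp bytes=2210
2023-05-09T10:02:40Z src=10.0.0.19:50001 dst=217.196.96.101:80 proto=tcp bytes=512
"""

_DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def normalise(h):
    """Hex digests compare equal regardless of case or stray whitespace."""
    return h.strip().lower()


def match_hashes(records):
    """Return (path, algorithm) for every record whose digest is in the report."""
    hits = []
    for rec in records:
        for algo, ioc in REPORT_HASHES.items():
            if algo in rec and normalise(rec[algo]) == ioc:
                hits.append((rec["path"], algo))
    return hits


def match_c2(log_text, strict_port=True):
    """Return timestamps of connections to the extracted C2.

    strict_port=True matches the exact ip:port from the config (high
    confidence). strict_port=False matches any port on that host, useful
    for hunting but noisier, since the IP may host unrelated services.
    """
    hits = []
    for line in log_text.splitlines():
        m = _DST_RE.search(line)
        if not m or m["ip"] != C2_HOST:
            continue
        if strict_port and int(m["port"]) != C2_PORT:
            continue
        hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    for path, algo in match_hashes(FILE_RECORDS):
        print(f"hash match ({algo}): {path}")
    for ts in match_c2(CONN_LOG):
        print(f"C2 connection at {ts}")
```

Match on SHA-256 where a sweep can produce it; MD5 and SHA-1 are kept only because many inventories still report them. The exact `ip:port` pair is the strong network indicator; the host-only mode is for hunting and needs corroboration.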
Targets
Target: c469d44db841c9a543f5ad8bd8259a7123be7a898f8436877ae7cf3561b2a772 (481KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Reads the country code configured in the registry, most likely as a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Enumerates Uninstall key entries in the registry to list the software installed on the host.
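Three of the behaviours above are registry operations: a read of the configured country code, enumeration of the Uninstall hive, and a write to a Run key. The following is an added example (not part of the tria.ge report) that classifies those three behaviours from a Process Monitor style CSV export. The CSV lines are constructed; the country-code location `HKCU\Control Panel\International\Geo\Nation` is the standard Windows key and is assumed to be what the sandbox signature refers to. Note that Sysmon registry events (IDs 12, 13, 14) record key and value writes only, so the two read-type behaviours are visible in a Procmon or sandbox API trace but not in Sysmon telemetry; only the Run-key write would surface there.

```python
"""Classify RedLine-style registry behaviour from a Procmon CSV export.

Added example, not part of the tria.ge report. SAMPLE_PROCMON_CSV is
constructed in the column layout Process Monitor uses when saving to CSV
(Time of Day, Process Name, PID, Operation, Path, Result, Detail).
The Geo\\Nation key is assumed to be the country-code lookup the report's
"Checks computer location settings" signature describes.
"""
import csv
import io
import re
from collections import Counter

SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:13.0000000","setup.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:13.0100000","setup.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:01:13.0200000","setup.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:13.0300000","setup.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: Google Chrome"
"10:01:13.0400000","setup.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
"10:01:14.0000000","setup.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 84, Data: C:\Users\alice\AppData\Roaming\updater.exe"
"10:01:14.5000000","explorer.exe","1532","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
'''

# Run and RunOnce under HKCU or HKLM, with or without Wow6432Node.
RUN_KEY_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\run(?:once)?\\[^\\]+$")
UNINSTALL_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(?:\\|$)")
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"
READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryValue", "RegEnumValue"}
# A single Uninstall read is normal; many in one process is enumeration.
ENUM_THRESHOLD = 3


def triage_registry(csv_text):
    """Return the three behaviours from the report with supporting evidence."""
    findings = {"run_key_persistence": [], "location_check": [],
                "installed_software_enum": []}
    uninstall_ops = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc, op, path = row["Process Name"], row["Operation"], row["Path"]
        lpath = path.lower()
        if op == "RegSetValue" and RUN_KEY_RE.search(lpath):
            findings["run_key_persistence"].append((proc, path, row["Detail"]))
        elif op == "RegQueryValue" and lpath.endswith(GEO_NATION_SUFFIX):
            findings["location_check"].append((proc, path))
        elif op in READ_OPS and UNINSTALL_RE.search(lpath):
            uninstall_ops[proc] += 1
    findings["installed_software_enum"] = [
        (proc, n) for proc, n in uninstall_ops.items() if n >= ENUM_THRESHOLD]
    return findings


if __name__ == "__main__":
    for behaviour, evidence in triage_registry(SAMPLE_PROCMON_CSV).items():
        print(behaviour, evidence)
```

The Run-key write also yields the persistence path to remove (the `Data:` field of the Detail column); the Uninstall count threshold is a heuristic and would need tuning against legitimate installers, which also read that hive.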