General
Target: 0adc642d41181f8149ea386a46026288debaa636dd7f24f56236d64fb63d68bd
Size: 480KB
Sample: 230509-p8hfwahg9y
MD5: ce4bced31a11b81dc45c64643d3d974d
SHA1: 00a2880086aebf573a4968abce3c3017a521d065
SHA256: 0adc642d41181f8149ea386a46026288debaa636dd7f24f56236d64fb63d68bd
SHA512: 98aba91196f90e88c1b6a5472e2d0b079f75104b77bf4c51d63f61261fb1369b2f62af246915a6b6203f110eb2f684129aa43984a68b5a3136e266c19539c793
SSDEEP: 6144:Kzy+bnr+dp0yN90QEapd9tzXepEzZC1VQsqsntVTjjU+RoNsNGDxqCqOWuRa3ZIc:hMrty90md9tzl29qIjpoXECqlsnon/
Static task: static1
Behavioral task: behavioral1
Sample: 0adc642d41181f8149ea386a46026288debaa636dd7f24f56236d64fb63d68bd.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted:
  redline
  mofun
  217.196.96.101:4132
  auth_value: da5d4987d25c2de43d34fcc99b29fff3
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.