General
Target: e18e426cca794ae6fc8d14bb7a9ec599b4fb342b722494df7f649d2a9b620ef0
Size: 480KB
Sample: 230509-wwtfyadc54
MD5: 4318880cc4f969c9f3d5b71c0cf15b37
SHA1: 440eaca9c99211a794c7fe948834cea76425cb32
SHA256: e18e426cca794ae6fc8d14bb7a9ec599b4fb342b722494df7f649d2a9b620ef0
SHA512: 26dd74ded7d4ed27379ce094871f4910aff2b152a4d11cf60682f3a3100b3641f8846b71c38616dbd264d65de2e41d69857f56233c5280d613ea4e88350ed9ef
SSDEEP: 12288:RMruvy90yHUQkF1J9C1ZVjoUJQRsMYsp86r6DNbz:Zvy9hW1O1Zh/QosmBz
Static task
static1
Behavioral task
behavioral1
Sample
e18e426cca794ae6fc8d14bb7a9ec599b4fb342b722494df7f649d2a9b620ef0.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dease
217.196.96.101:4132
-
auth_value
82e4d5f9abc21848e0345118814a4e6c
Targets
Target
e18e426cca794ae6fc8d14bb7a9ec599b4fb342b722494df7f649d2a9b620ef0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-