General
Target: 56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4
Size: 479KB
Sample: 230510-g4z65age2z
MD5: cb1fa067e5fa4d2a2ec567c8cb9dee39
SHA1: bafc0b73f7bd4216859f9c0db843fb2cd6dd2e9c
SHA256: 56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4
SHA512: 2d09f22e8c4df72a947f42929dc39a5422e57b8157d6fcada282dafd17bab3e0c2014e0fbfe9e9915e73d5939267f2212a5964652685be39ff8018b3e07aa9a5
SSDEEP: 12288:lMrxy90NPCqEzpv7mkyiDRFs1QzAuDfL1TsVbNO:8ywCzV9BNFs1QsgL1axO
Static task: static1
Behavioral task: behavioral1
Sample: 56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mufos
C2: 217.196.96.102:4132
auth_value: 136f202e6569ad5815c34377858a255c
Targets
Target: 56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.