General
- Target: 9b33e68d6a02c597c1ec96254f19793883077a337ba0ff9a55f989ddf396839d
- Size: 490KB
- Sample: 230510-par8esfg95
- MD5: 49d411770b1ba3956bbbb23c4e65ada9
- SHA1: a4b2193fad68f10bd155f899a6561b53b28cdd06
- SHA256: 9b33e68d6a02c597c1ec96254f19793883077a337ba0ff9a55f989ddf396839d
- SHA512: 7ec99f66c944d4e046838ccef5c46c652ad4ad2c4dfe83dca8553266ffdc5930764842a9b84dca0e1e0e3cdbf62bd9b47f843cb0ae6e1f7578850135266655e1
- SSDEEP: 12288:9MrWy90Cuw4HwjdpMncdv1pU08Go9x7ca35Cqi:byIfH/ck9x71i
Static task: static1
Behavioral task: behavioral1
- Sample: 9b33e68d6a02c597c1ec96254f19793883077a337ba0ff9a55f989ddf396839d.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- lirot
- 217.196.96.102:4132
- auth_value: 0719dc312a5ab622cdc667a6937558df
Extracted: amadey
- 3.70
- 212.113.119.255/joomla/index.php
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.