General
Target: d4c5bfcb211a32baab5dc2ed9e8286aa49a109d5f2816dba4872b55e3422205a
Size: 478KB
Sample: 230510-pznxasga65
MD5: 7eaff18a4bcacadc03b9c9bab230dbfe
SHA1: 02760d66197e3dacacc5cff278c2b775628dcb1c
SHA256: d4c5bfcb211a32baab5dc2ed9e8286aa49a109d5f2816dba4872b55e3422205a
SHA512: 962e02e6ce67f156d7ea35e0d01327f571d5f23d1cc2b949c1fa7f5fcbd2aa6c45da3cf80c26a06cf14d67d8f2738ad57a3cb34ae5887b27352bc0895435b07e
SSDEEP: 12288:xMrmy90lOzBCfcPzir98CtOdk76Ta4+miGoZaTp:jygOzXz+9JKk7Xp5g
Static task: static1
Behavioral task: behavioral1
Sample: d4c5bfcb211a32baab5dc2ed9e8286aa49a109d5f2816dba4872b55e3422205a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mauga
C2: 217.196.96.102:4132
auth_value: 36f5411cf117f54076fbbb9ea0631fee
Targets
Target: d4c5bfcb211a32baab5dc2ed9e8286aa49a109d5f2816dba4872b55e3422205a
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.