General
- Target: 189fe82cc89ca2b3586e9e9b87333388.exe
- Size: 488KB
- Sample: 230510-zgewsaca3s
- MD5: 189fe82cc89ca2b3586e9e9b87333388
- SHA1: 9b677d710ea409a14a75098c4e040a3df9b8bd36
- SHA256: 96c756e98e7450f83927f62ab06fb7b552dbe454bae1a97a7b22cd866398b5de
- SHA512: 0a8ddf0e18dccb86a1b976a659315f0969fe4d14bb63eea7e6419ea0c99dbb2fecec8acedad45e3c0ae6d5327a5c339cf260b105d206499fcf750a44429b2825
- SSDEEP: 12288:9Mrby90xez70tQ2Q9AJuBFUGRvndP1PeUEn6:myRJ2Q9AJUuGR/PeUv
Static task: static1
Behavioral task: behavioral1
- Sample: 189fe82cc89ca2b3586e9e9b87333388.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 189fe82cc89ca2b3586e9e9b87333388.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- misik
- 217.196.96.102:4132
- auth_value: 9133827666bc8f4b05339316460b08aa
Targets
- Target: 189fe82cc89ca2b3586e9e9b87333388.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.