Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f
-
Size
770KB
-
Sample
230511-gac5hadg5v
-
MD5
dd00b099d7026ae539ac82710ee824a7
-
SHA1
0669466458d34ec6e89c14985a3fbd88da7a40d5
-
SHA256
676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f
-
SHA512
eb4414a2fbe15a32e2a47956f2d626dcc8d9305bfb5467e8a413f44918465ab9ac5a44cb35a2218c2b0435643dc17c8cd7fad901257cfc09759d9127fb5431bd
-
SSDEEP
12288:3Mrjy90JuXVg66RHSkGGwz4VKzOXGaukfjqeRG9DtVY9+w+zuE2q:4yQF6WRmwXGauWG9K+kq
Static task
static1
Behavioral task
behavioral1
Sample
676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
debro
185.161.248.75:4132
-
auth_value
18c2c191aebfde5d1787ec8d805a01a8
Targets
-
-
Target
676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f
-
Size
770KB
-
MD5
dd00b099d7026ae539ac82710ee824a7
-
SHA1
0669466458d34ec6e89c14985a3fbd88da7a40d5
-
SHA256
676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f
-
SHA512
eb4414a2fbe15a32e2a47956f2d626dcc8d9305bfb5467e8a413f44918465ab9ac5a44cb35a2218c2b0435643dc17c8cd7fad901257cfc09759d9127fb5431bd
-
SSDEEP
12288:3Mrjy90JuXVg66RHSkGGwz4VKzOXGaukfjqeRG9DtVY9+w+zuE2q:4yQF6WRmwXGauWG9K+kq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-