General
Target: b7041ef5adac226b922b19522ce3bda714e4b31b606264633ebeb8ec0122fc5b
Size: 769KB
Sample: 230511-ghrb4adg7t
MD5: e51119919b0452c5f61ef64b131dece1
SHA1: 8af294a00d1e8288db88e9de5d22f018d0997818
SHA256: b7041ef5adac226b922b19522ce3bda714e4b31b606264633ebeb8ec0122fc5b
SHA512: 96c8951bce89540b05962052173cdd1161a4ddd59920678e80ae145dffd4fd9e1a8e34ffdcfc7c1ae6a8d5b93d531420deb1b17352153c5f93a1c8882cf5ee5b
SSDEEP: 12288:qMrhy909utFrmnigmC3/CaZjyvtT2/KKOD4aghRL+683E4SymKBBBUlDV:jy/ZmnipC3/pZjyFTdD4ag+6KUSBEDV
Static task: static1
Behavioral task: behavioral1
Sample: b7041ef5adac226b922b19522ce3bda714e4b31b606264633ebeb8ec0122fc5b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: debro
C2: 185.161.248.75:4132
auth_value: 18c2c191aebfde5d1787ec8d805a01a8
Targets
Target: b7041ef5adac226b922b19522ce3bda714e4b31b606264633ebeb8ec0122fc5b
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.