Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7cf915909f4e8ad258734b7c292a8eb50afd7d98bae08c09614a36808f9c61c7
-
Size
769KB
-
Sample
230511-mvqh8aeg9z
-
MD5
9a9c1be531c1177086da901fb9c5a5f7
-
SHA1
462527bf6598c44ba0ebb586885bd1ac28c54c89
-
SHA256
7cf915909f4e8ad258734b7c292a8eb50afd7d98bae08c09614a36808f9c61c7
-
SHA512
9e784ba4f961b491af5215c7dfcb705a42158130c1b263b60cebed338108a9d4adceb0f6405de161942443f07b7508f6c8f9a4b6c54eb46b901499f2186e304d
-
SSDEEP
12288:+Mrcy908R+i0+fw361j4BqkS1f/g8KzfkJkrMP9rnHf4mGKI/WjdOAHx:KylQi1j4NI/OrJrMP9L/Tdpx
Static task
static1
Behavioral task
behavioral1
Sample
7cf915909f4e8ad258734b7c292a8eb50afd7d98bae08c09614a36808f9c61c7.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
debro
185.161.248.75:4132
-
auth_value
18c2c191aebfde5d1787ec8d805a01a8
Targets
-
-
Target
7cf915909f4e8ad258734b7c292a8eb50afd7d98bae08c09614a36808f9c61c7
-
Size
769KB
-
MD5
9a9c1be531c1177086da901fb9c5a5f7
-
SHA1
462527bf6598c44ba0ebb586885bd1ac28c54c89
-
SHA256
7cf915909f4e8ad258734b7c292a8eb50afd7d98bae08c09614a36808f9c61c7
-
SHA512
9e784ba4f961b491af5215c7dfcb705a42158130c1b263b60cebed338108a9d4adceb0f6405de161942443f07b7508f6c8f9a4b6c54eb46b901499f2186e304d
-
SSDEEP
12288:+Mrcy908R+i0+fw361j4BqkS1f/g8KzfkJkrMP9rnHf4mGKI/WjdOAHx:KylQi1j4NI/OrJrMP9L/Tdpx
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-