Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
99fdc3f2480ce3d3446916cce4ab33f71c52e1713eed7c8a8f9dc0f51cafa03d
-
Size
875KB
-
Sample
230511-vesbwaah9t
-
MD5
23332cdd082af5d98bbd2b261164253f
-
SHA1
1f686409309ed3f4d6ffbaec4e6c13c980bfa3d8
-
SHA256
99fdc3f2480ce3d3446916cce4ab33f71c52e1713eed7c8a8f9dc0f51cafa03d
-
SHA512
05d1e55647b6608cb87cd2d4374eb63d73355b91c433ff60a896dc9803f9236c7fb62d074251e4e24bd48f9a84499e9644d336db30535ce623c29f206e58ee5b
-
SSDEEP
24576:pydxrE/44VDt2pOEwp3ntFFeVwLnzlCaVuv:cdxrE/44qe3tamjzlCag
Static task
static1
Behavioral task
behavioral1
Sample
99fdc3f2480ce3d3446916cce4ab33f71c52e1713eed7c8a8f9dc0f51cafa03d.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
mixer
185.161.248.75:4132
-
auth_value
3668eba4f0cb1021a9e9ed55e76ed85e
Extracted
redline
roza
185.161.248.75:4132
-
auth_value
3e701c8c522386806a8f1f40a90873a7
Targets
-
-
Target
99fdc3f2480ce3d3446916cce4ab33f71c52e1713eed7c8a8f9dc0f51cafa03d
-
Size
875KB
-
MD5
23332cdd082af5d98bbd2b261164253f
-
SHA1
1f686409309ed3f4d6ffbaec4e6c13c980bfa3d8
-
SHA256
99fdc3f2480ce3d3446916cce4ab33f71c52e1713eed7c8a8f9dc0f51cafa03d
-
SHA512
05d1e55647b6608cb87cd2d4374eb63d73355b91c433ff60a896dc9803f9236c7fb62d074251e4e24bd48f9a84499e9644d336db30535ce623c29f206e58ee5b
-
SSDEEP
24576:pydxrE/44VDt2pOEwp3ntFFeVwLnzlCaVuv:cdxrE/44qe3tamjzlCag
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-