General

Target: 7f913abeb581f930415ff9239b515178392744c21f91570e428182931eb7840b.bin
Size: 781KB
Sample: 230511-w9lcgsbg5x
MD5: e4221dd0b5eeac7a09904d4259656b03
SHA1: d049025ab6bd9289b1d085c3a3fa4526df8fe3e8
SHA256: 7f913abeb581f930415ff9239b515178392744c21f91570e428182931eb7840b
SHA512: 741b1638f1bcf8ad65f586a75a557a127dfef52091056c20b9bbc283dc81313b097ddd0577bbc59d39447e44c8aa233f6a3b8a7018f7c11f055b7cac610d2668
SSDEEP: 24576:VyyT5yGTOjzHg0/wYwKhu9nW90bxtX9MWY:wyF/T6AK+P9W90fyW
Static task: static1

Behavioral task: behavioral1
Sample: 7f913abeb581f930415ff9239b515178392744c21f91570e428182931eb7840b.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 7f913abeb581f930415ff9239b515178392744c21f91570e428182931eb7840b.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
lessa
185.161.248.75:4132
auth_value: 29d77029685f0783eb0ec17c1b173cb2

Extracted: amadey
3.70
212.113.119.255/joomla/index.php
Targets

Target: 7f913abeb581f930415ff9239b515178392744c21f91570e428182931eb7840b.bin
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.