General
- Target: b1c84e1907e3601e6d98f241bd7b50311195a63b7d7c12db08f40f5c7064ecb8.bin
- Size: 769KB
- Sample: 230511-xapfjahf83
- MD5: 831fc72956d57c25bfdfb95ef1762de5
- SHA1: 08f0a9affff9ddf7ffb4e38cb9539ec23266503b
- SHA256: b1c84e1907e3601e6d98f241bd7b50311195a63b7d7c12db08f40f5c7064ecb8
- SHA512: 8b227b755201c4c8897656186aca163bc14418678c3cf911f03f98ce0f303c29d0a08da1a9411106a53575e8c04a2fc60dd10d00c2d878424a61936f50476040
- SSDEEP: 12288:4Mrly908AiKlPOl8OJt4+NEzSyKmiOqhPuyi9ILf+8vk/ua8oZpeDvTp:9yTHv74+yz5qhPuyNLxc/up
Static task
- static1
Behavioral task
- behavioral1
  Sample: b1c84e1907e3601e6d98f241bd7b50311195a63b7d7c12db08f40f5c7064ecb8.exe
  Resource: win7-20230220-en
Behavioral task
- behavioral2
  Sample: b1c84e1907e3601e6d98f241bd7b50311195a63b7d7c12db08f40f5c7064ecb8.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: debro
- C2: 185.161.248.75:4132
- auth_value: 18c2c191aebfde5d1787ec8d805a01a8
Targets
- Target: b1c84e1907e3601e6d98f241bd7b50311195a63b7d7c12db08f40f5c7064ecb8.bin
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.