General
- Target: 88c1ee32fb16e295b2e845bd8dd51b93.bin
- Size: 1.1MB
- Sample: 230516-bxbx3aba28
- MD5: b5b37688e94fc231cb76947f04da385e
- SHA1: db926609027fd6417504c19f263259a9f0a22afd
- SHA256: d3c578d67f4b321043fb94c00706cce0db0b5fd3917e725313f3db609aa092e9
- SHA512: 0d2d809d8542c1296c8281a244999e304bd1f24b85f31fbeb779a98d7b0dcddcd7a7349d3d0f424a3fc56e5b0281aafa6ae7483923829a1a4cbf978a165b463c
- SSDEEP: 24576:KLu8AKSdR8K8AZLz25WlpGjt1wtqjPaIdNAiHX1TnGExwyaG:KLPAK8OKFVzJpEIEpN331oyf
Static task: static1
Behavioral task: behavioral1
- Sample: fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- mufta
- 185.161.248.75:4132
- auth_value: 171bdaad6dbf652c48d4e9334c756dfa
Extracted: redline
- fuga
- 185.161.248.75:4132
- auth_value: 7c5144ad645deb9fa21680fdaee0d51f
Targets
- Target: fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680.exe
- Size: 1.1MB
- MD5: 88c1ee32fb16e295b2e845bd8dd51b93
- SHA1: 6be47a42849f15f565da66dfa097f6b5265f5075
- SHA256: fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680
- SHA512: 577ba596c746d173c7a6718e3af8c9c166a28813cbbb73abecc370bb54ff73edfe99c25f432182b037df90c393eade4577c3f8a86c8b15e2a26bb5677fcf443e
- SSDEEP: 24576:+yABLYhtlEtECOl426WoU44ZkiyW0RHWNBc2DX3MI:NAurlEtEe8xy2o
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext