General
Target: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
Size: 1.0MB
Sample: 230519-n43qksgd8y
MD5: 43ecad9168b97028b03c445e2bd3013c
SHA1: 8d974f38c618ef67b6f2120d514de53307cd3856
SHA256: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
SHA512: 6890a8e4d7090e2ed6de3269e51bf27d9a367f71e79e899ec8f7f27db0fbded5461fd4e1f80aacee99c0acf32f7638a8369e0a5e47ce9e97b0ff6bdf16f4cca4
SSDEEP: 24576:eyZbthJmJyW/M3YFWXw5XEDbFtTB/amUCKcOH:t5tbuyeM3mWg5XEDptlakO
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: duper
C2: 77.91.68.253:19065
Attributes
auth_value: 57e17ebbdb18f4882b95fe05402ef1c8
Targets
Target: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
Size: 1.0MB
MD5: 43ecad9168b97028b03c445e2bd3013c
SHA1: 8d974f38c618ef67b6f2120d514de53307cd3856
SHA256: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
SHA512: 6890a8e4d7090e2ed6de3269e51bf27d9a367f71e79e899ec8f7f27db0fbded5461fd4e1f80aacee99c0acf32f7638a8369e0a5e47ce9e97b0ff6bdf16f4cca4
SSDEEP: 24576:eyZbthJmJyW/M3YFWXw5XEDbFtTB/amUCKcOH:t5tbuyeM3mWg5XEDptlakO
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext