General
Target: c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b
Size: 1.0MB
Sample: 230521-f1mk7aba2w
MD5: 2132cca53b2af1154984382a85596411
SHA1: 5efc38f0caf6d415c1a7fc899fea3596a9ed3759
SHA256: c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b
SHA512: 99a6bceb1e02af6472e94570ace9329750efe38e07577815143756635741f9a2004c7d887797479a26d7b701c0f018f282c19c14764141d430e6ff4e9cbb0ff6
SSDEEP: 24576:LyjBF9KUmuR5cU3/qV18RyoUghzI+aMweFqd1LoUu:+JKMB3/qUyN0IAwe0LoU
Static task: static1
Behavioral task: behavioral1
Sample: c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
mixa
185.161.248.37:4138
auth_value: 9d14534b25ac495ab25b59800acf3bb2
Targets
Target: c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b
Size: 1.0MB
MD5: 2132cca53b2af1154984382a85596411
SHA1: 5efc38f0caf6d415c1a7fc899fea3596a9ed3759
SHA256: c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b
SHA512: 99a6bceb1e02af6472e94570ace9329750efe38e07577815143756635741f9a2004c7d887797479a26d7b701c0f018f282c19c14764141d430e6ff4e9cbb0ff6
SSDEEP: 24576:LyjBF9KUmuR5cU3/qV18RyoUghzI+aMweFqd1LoUu:+JKMB3/qUyN0IAwe0LoU
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext