General
- Target: 5288369a0c403f621a7b1dc038223874dd174ed3224e7052562dd025551683fc
- Size: 1.0MB
- Sample: 230521-vdkweabc77
- MD5: 2d34dee590f04cf8cc841f1922f751ff
- SHA1: 6e7bb8b89db045c9bfe48a4d0bb21111f745e43e
- SHA256: 5288369a0c403f621a7b1dc038223874dd174ed3224e7052562dd025551683fc
- SHA512: f23c2b719bbaf3474299e3b4355ab417dd24acdf0726fb6bde7833d80b93f46226ed248f0a3bc8edd26c5721f109cd8ebd0b9b46b8ca7f2ec86da1546c4da49e
- SSDEEP: 24576:vyZk0sWvRovFqd7Ry85JHaRWI48+mjDjWZ01RvvBNDJoponU:6K0bpiFqdo85dktf1e0tNDmpon
Static task: static1
Behavioral task: behavioral1
- Sample: 5288369a0c403f621a7b1dc038223874dd174ed3224e7052562dd025551683fc.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- diza
- 185.161.248.37:4138
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
- Target: 5288369a0c403f621a7b1dc038223874dd174ed3224e7052562dd025551683fc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext