Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94
-
Size
1022KB
-
Sample
230521-vn8p8abd28
-
MD5
30a8554c041a232b985b9b5ac0fca14a
-
SHA1
fc18a4375574f21c479c7c6114b0b26041c0fa5f
-
SHA256
e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94
-
SHA512
ce593396e8a4f63964f9ba76c92044d5f4ffa0b68c86a5d9427743ca968d99b96eb4ed94badc6b8b296738234fb82c897d9cdfafe6a08dce5fbc977e50805524
-
SSDEEP
24576:OyJIZqTgVaHG2Qq5/06fHk9oeHqzXEVUZsASPNn:dJIMTRHG2Qq5/0CHI/HqLEVOsA
Static task
static1
Behavioral task
behavioral1
Sample
e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
mixa
185.161.248.37:4138
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Targets
-
-
Target
e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94
-
Size
1022KB
-
MD5
30a8554c041a232b985b9b5ac0fca14a
-
SHA1
fc18a4375574f21c479c7c6114b0b26041c0fa5f
-
SHA256
e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94
-
SHA512
ce593396e8a4f63964f9ba76c92044d5f4ffa0b68c86a5d9427743ca968d99b96eb4ed94badc6b8b296738234fb82c897d9cdfafe6a08dce5fbc977e50805524
-
SSDEEP
24576:OyJIZqTgVaHG2Qq5/06fHk9oeHqzXEVUZsASPNn:dJIMTRHG2Qq5/0CHI/HqLEVOsA
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-