Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20
-
Size
916KB
-
Sample
230524-a15twaab33
-
MD5
4ab0a8e10b4ce44f8b89c01d1b603338
-
SHA1
be65e9c790a38054af5514b831c16d655226b739
-
SHA256
8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20
-
SHA512
64a75c28a57ad0123712b16c5e653bc46bd8ae0352e446a9b72463f7b322b00996744d8d90b2eaedaf53134aa0f7e25ed3b11c80241a67bb84438e1826e2bb9b
-
SSDEEP
24576:MyhBQG890qGNIWF1qxg88Yk+4SJaVKoDO97B2:7hBZ890CWl88YkhqaQo8
Static task
static1
Behavioral task
behavioral1
Sample
8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.122:19062
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20
-
Size
916KB
-
MD5
4ab0a8e10b4ce44f8b89c01d1b603338
-
SHA1
be65e9c790a38054af5514b831c16d655226b739
-
SHA256
8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20
-
SHA512
64a75c28a57ad0123712b16c5e653bc46bd8ae0352e446a9b72463f7b322b00996744d8d90b2eaedaf53134aa0f7e25ed3b11c80241a67bb84438e1826e2bb9b
-
SSDEEP
24576:MyhBQG890qGNIWF1qxg88Yk+4SJaVKoDO97B2:7hBZ890CWl88YkhqaQo8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-