Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
00726d7f4288c60fb01042df40921faf2dd8bde85e0b8a43437a12d86b32faac
-
Size
1.0MB
-
Sample
230526-hytylaec59
-
MD5
5b40db41ed305f572079024b20cd8185
-
SHA1
56ac40ef290876e055dfbcd3fa3a2282f8e08a22
-
SHA256
00726d7f4288c60fb01042df40921faf2dd8bde85e0b8a43437a12d86b32faac
-
SHA512
f3945d74c496f4bed3a62a117ea755f2051611f2d2f93ef79c6c4df49deca4c1d75a0606234575f845fb40cf29e78092fb0d1992547671c3244636b35b6b203f
-
SSDEEP
24576:LyFY46y1TDbhkr4d84BkVEM6hV58zGe38N1TZSBpb9iBl1opd8:+3WKoEM6hV5853WZSv9qlGp
Static task
static1
Behavioral task
behavioral1
Sample
00726d7f4288c60fb01042df40921faf2dd8bde85e0b8a43437a12d86b32faac.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
lina
83.97.73.122:19062
-
auth_value
13523aee5d194d7716b22eeab7de10ad
Extracted
redline
greg
83.97.73.122:19062
-
auth_value
4c966a90781c6b4ab7f512d018696362
Targets
-
-
Target
00726d7f4288c60fb01042df40921faf2dd8bde85e0b8a43437a12d86b32faac
-
Size
1.0MB
-
MD5
5b40db41ed305f572079024b20cd8185
-
SHA1
56ac40ef290876e055dfbcd3fa3a2282f8e08a22
-
SHA256
00726d7f4288c60fb01042df40921faf2dd8bde85e0b8a43437a12d86b32faac
-
SHA512
f3945d74c496f4bed3a62a117ea755f2051611f2d2f93ef79c6c4df49deca4c1d75a0606234575f845fb40cf29e78092fb0d1992547671c3244636b35b6b203f
-
SSDEEP
24576:LyFY46y1TDbhkr4d84BkVEM6hV58zGe38N1TZSBpb9iBl1opd8:+3WKoEM6hV5853WZSv9qlGp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-