General
- Target: 01631899.exe
- Size: 579KB
- Sample: 230605-npt5wsgg6w
- MD5: e57bd800c2b9b6f8c5c3324fe024c3ae
- SHA1: b8fd5b38b20f8cfdf4a008cea73e16f67cf116b7
- SHA256: dc0c2afadac0b53ac6bd604a4975a2c67fc55a3e0db84b6f4b8c877035cf703e
- SHA512: 391b238c2eae9d176f0d5ac48864574b8d53655b8901cde0411a16a76662e120a527d7d8755fa8529da9b3f7cfc0def1e35ea548ca1e0442577874a26a8ca4c6
- SSDEEP: 12288:eMrUy90yhscc2tsay19JXhfeTrMYzNIJYZbUjqf1JU1us1sdl:Gyucrty19JXh2T4LwbQGJoLSD
Static task
- static1
Behavioral task
- behavioral1: Sample 01631899.exe, Resource win7-20230220-en
- behavioral2: Sample 01631899.exe, Resource win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: diza
- C2: 83.97.73.126:19046
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
- Target: 01631899.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.