General
- Target: 5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93
- Size: 206KB
- Sample: 230607-p7wbcaag45
- MD5: 73bc64c893ede2084d4fdc76ab3c0e0c
- SHA1: 68f989f85916bba1d0ffb7708f1485374cf19bd6
- SHA256: 5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93
- SHA512: ae803509c8041cc7a113fd02d8d4e263db4ca153fecea953163fa77ab41540d4665fa0ba878a52ba6f52aaf6e610b505d0e45896eaa2a41c29b5a951f4e2231d
- SSDEEP: 3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj
Static task: static1
Behavioral task: behavioral1
- Sample: 5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: diza
- C2: 83.97.73.129:19068
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
- Target: 5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext