General
- Target: 5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0
- Size: 1.4MB
- Sample: 230831-rj1bhafa8v
- MD5: 185848d459c0bd5ca310f2e46caeeb0d
- SHA1: 9b5009e9dfb319f60b335d8c0faaa1e607b9ecae
- SHA256: 5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0
- SHA512: c85de696d2d45c2d595821af5bea31fd785da3946533f53bf6c4ffb60723757369cf26e8b69e96f1aa044bbe17ac5518e367e02a4152b892118e9da756ea9ea5
- SSDEEP: 24576:2yvU20wDu6vr47mxK3nX8s55PtI/msY2exMW1wmSMGjFwjDkZAS4GDeVyTdQc:Fsh6vr4yxK3nXlA/msY2M1wmSD+D3S55
Static task: static1
Behavioral task: behavioral1
- Sample: 5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: amadey
- Version: 3.87
- C2: 77.91.68.18/nice/index.php
- Attributes:
  - install_dir: b40d11255d
  - install_file: saves.exe
  - strings_key: fa622dfc42544927a6471829ee1fa9fe
Extracted
- Family: redline
- Botnet: sruta
- C2: 77.91.124.82:19071
- Attributes:
  - auth_value: c556edcd49703319eca74247de20c236
Targets
- Target: 5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0
- Size: 1.4MB
- MD5: 185848d459c0bd5ca310f2e46caeeb0d
- SHA1: 9b5009e9dfb319f60b335d8c0faaa1e607b9ecae
- SHA256: 5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0
- SHA512: c85de696d2d45c2d595821af5bea31fd785da3946533f53bf6c4ffb60723757369cf26e8b69e96f1aa044bbe17ac5518e367e02a4152b892118e9da756ea9ea5
- SSDEEP: 24576:2yvU20wDu6vr47mxK3nX8s55PtI/msY2exMW1wmSMGjFwjDkZAS4GDeVyTdQc:Fsh6vr4yxK3nXlA/msY2M1wmSD+D3S55
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application