General
- Target: 6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
- Size: 929KB
- Sample: 230923-qn96tsff9w
- MD5: 3755ec6ff61be24c7f3270251e310201
- SHA1: bd8602f8f69de61cc6d0402a19941700e9f87ee8
- SHA256: 6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
- SHA512: 4e948e4af57b3a9ddff258ff6961819bef240a9d8ec1efc032dbab652f71bae9a898071081f02f5301e07284e89b1fbf4011ab8332194da23aeee82de8d13810
- SSDEEP: 12288:/MrQy900smtl3kLPvEfte09n9TpRaRPRZXr3o9wZ4bLOVlhrVd8IF+86hUBGE6KH:zyu0leWtfXXYC2VVd6/hUBGEJ+p8HJ
Static task: static1
Behavioral task: behavioral1
- Sample: 6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: tuxiu
- C2: 77.91.124.82:19071
- Attributes: auth_value = 29610cdad07e7187eec70685a04b89fe
Targets
- Target: 6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7 (size and hashes identical to the General section above)
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext