General
Target: 1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba
Size: 929KB
Sample: 230930-eltwaage9s
MD5: 76b3a40fd758959fec86fd5a4c865b50
SHA1: f4f223739a155d32e88b6289a2a6c501e066340a
SHA256: 1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba
SHA512: 3eddf821e0acc072caf7db042db5875081240c2ec3cf520d062ecb2568736d0cbd54c7b93d1cda9f3bba13778e2982f6086e0839a7b3934bc8e8403de85aafcc
SSDEEP: 12288:pMrey90iklQJ7PNUZ+wAeUhY2Tsy0VOcxQc41lfeQ83DE1nYeA7s6BrWRYso2VHp:byZkGJG+HluvxQDeQ5us6p5+IE6nEjV
Static task: static1
Behavioral task: behavioral1
Sample: 1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: luska
C2: 77.91.124.55:19071
Attributes: auth_value a6797888f51a88afbfd8854a79ac9357
Targets
Target: 1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
Executes dropped EXE
Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
Suspicious use of SetThreadContext (typically seen when code is injected into a suspended process, as in process hollowing)
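Turning the report above into detection logic, as an added example that is not part of the tria.ge report or of any tria.ge tooling: the indicator values (C2, auth_value, SHA256) are copied from the report, while the Sysmon-style event layout, the field names and the sample events are assumptions constructed for this example. It matches the extracted C2 on exact ip:port, flags Run/RunOnce value writes (RunOnce is a generalisation; the report only names Run), and recognises the sample by its SHA256 in a process-creation event.

```python
"""Match the indicators from the report above against Sysmon-style events.

IOC values are copied from the tria.ge report; the event layout (field
names, sample events) is an assumption made for this example.
"""
import ipaddress

# Indicators from the extracted RedLine config and the sample hashes above.
# auth_value is RedLine's campaign/affiliate tag, useful for clustering.
REDLINE_IOCS = {
    "family": "redline",
    "botnet": "luska",
    "c2": "77.91.124.55:19071",
    "auth_value": "a6797888f51a88afbfd8854a79ac9357",
    "sha256": "1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba",
}

# Registry paths that realise "Adds Run key to start application".
# RunOnce is included as a generalisation; the report only names Run.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' and validate both halves, so a malformed feed entry
    raises instead of silently never matching."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"C2 entry has no port: {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError on a non-IP host
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"C2 entry has an invalid port: {c2!r}")
    return host, port_n


def match_network(events, c2: str):
    """Sysmon event 3 style: exact ip+port match on the extracted C2."""
    host, port = parse_c2(c2)
    return [("redline_c2", ev) for ev in events
            if ev.get("event_id") == 3
            and ev.get("dst_ip") == host
            and int(ev.get("dst_port", -1)) == port]


def match_run_key(events):
    """Sysmon event 13 style: a value written under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.get("event_id") != 13 or ev.get("event_type") != "SetValue":
            continue
        target = ev.get("target_object", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            hits.append(("run_key_persistence", ev))
    return hits


def parse_sysmon_hashes(field: str) -> dict:
    """'SHA256=...,MD5=...' -> {'sha256': '...', 'md5': '...'} (lower-cased)."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_hash(events, sha256: str):
    """Sysmon event 1 style: the created process image is the known sample."""
    return [("known_sample_hash", ev) for ev in events
            if ev.get("event_id") == 1
            and parse_sysmon_hashes(ev.get("hashes", "")).get("sha256") == sha256.lower()]


def triage(events, iocs=REDLINE_IOCS):
    """Return (signature_name, event) pairs: hash hits, then persistence, then C2."""
    return (match_hash(events, iocs["sha256"])
            + match_run_key(events)
            + match_network(events, iocs["c2"]))


# Constructed sample telemetry for this example; not taken from the report.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "hashes": "SHA256=1634B65F8E3942BBB06B6C0C3685E42D6CB0F8681F9CF1FBA21B78277E3B20BA,"
               "MD5=76B3A40FD758959FEC86FD5A4C865B50"},
    {"event_id": 13, "event_type": "SetValue",
     "target_object": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"},
    {"event_id": 13, "event_type": "SetValue",  # benign registry write, must not match
     "target_object": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "details": "DWORD (0x00000002)"},
    {"event_id": 3, "image": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
     "dst_ip": "77.91.124.55", "dst_port": 19071},
    {"event_id": 3, "image": "C:\\Program Files\\Browser\\browser.exe",  # same host, other port
     "dst_ip": "77.91.124.55", "dst_port": 443},
]

if __name__ == "__main__":
    for name, ev in triage(SAMPLE_EVENTS):
        print(f"{name:22} {ev.get('image') or ev.get('target_object')}")
```

The C2 match is deliberately exact on ip:port; the last sample event (same host, port 443) is left unmatched to make that visible. When hunting historically it is often worth a second, looser pass on the IP alone, since RedLine operators rotate ports on the same host, but that pass needs manual review because a shared VPS address produces false positives.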