General
Target: dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
Size: 847KB
Sample: 230930-qlebdace9z
MD5: 503da9d1629d30c10c5efc25d4328193
SHA1: b94d04f6e6c96d12e7c7695be7ebfb9a1f46f701
SHA256: dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
SHA512: a28d03ba2911b1b1654b6f06f90b151aa1929286f0c1f6afcfde813b4a178b28be8845080d717870601c85d0730e66adb9b336a12ce67e98e959779489a65b41
SSDEEP: 12288:pMr8y90/fEu/uE0IZj5UBup4rHSso2v2R4Dsg0Zra//ZiPWPMi0LsIOIxkYcB8Bf:xyqTuXuRgPwryZ3PTOxkDeQhcP

Static task: static1
Behavioral task: behavioral1
Sample: dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198.exe
Resource: win10v2004-20230915-en

Malware Config
Extracted
Family: redline
Botnet: luska
C2: 77.91.124.55:19071
auth_value: a6797888f51a88afbfd8854a79ac9357
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext