General

Target: Rh0ES6EV.exe
Size: 1.1MB
Sample: 231004-f192gshc8v
MD5: eda41d4aeb1a680f6f1115003347ac6e
SHA1: 094f662631a06c3efc7f6407c996a6aac4d3af00
SHA256: 855c742abd80826b49dc1e2cc9240fbf5afcf29772ed4a5fae078555dd0f9b64
SHA512: 7a92569be4de4ccdc8a60dc6bc62df0b3764ce8a6eba737afa6fc3a381375b03f47dd3387ce06d758fdcfd89f425eef42476688c844ce41025690dba242fbee2
SSDEEP: 24576:VyorWqFGyhgEQglGijLKo/IgH51OeNgiKETcnNSJwo20FORLJ9R7:wmWqFGwg6lGijLKo/hH51OYthTWi2
Static task: static1
Behavioral task: behavioral1 (sample Rh0ES6EV.exe, resource win7-20230831-en)
Behavioral task: behavioral2 (sample Rh0ES6EV.exe, resource win10v2004-20230915-en)
Malware Config

Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets

Target: Rh0ES6EV.exe (1.1MB; hashes as listed under General)
Score: 10/10

RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials, cookies and cryptocurrency wallet data and sends them to its configured C2.

Signatures triggered in the behavioral tasks:
- RedLine payload: the RedLine family was identified in the executed code, matching the extracted config above.
- Executes dropped EXE: a file written by the sample during the run is later started as its own process.
- Loads dropped DLL: a DLL written during the run is loaded.
- Adds Run key to start application: a value is written under a CurrentVersion\Run key so the payload restarts at logon; the exact key path and value name are not shown in this summary.
- Suspicious use of SetThreadContext: typical of process hollowing, where a loader starts a process suspended, overwrites its memory with the payload and points the main thread at the injected entry point; expect the stealer logic to run inside a process whose on-disk image looks benign.
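As an added example (not part of the tria.ge report and not Triage's own code), the following Python turns the extracted C2 and the "Executes dropped EXE" and "Adds Run key" signatures into checks a responder could run over endpoint telemetry. The event shape is a simplified, hypothetical rendering of Sysmon Event IDs 3, 11 and 13; the file paths, SID, value name and the second destination address are constructed and do not come from the sandbox run. The hashes and C2 are copied from the report; since the sample itself is not on the page, the hash check is only exercised against other data.

```python
"""Checks derived from the report above (extracted C2, dropped-file execution,
Run-key persistence) evaluated over constructed Sysmon-style events.
Added example; not tria.ge code. Event format and values are hypothetical."""
import hashlib
from dataclasses import dataclass

# Indicators copied from the report. The sample is not on the page, so
# hash_verdict() can only be exercised against other input.
REPORT_HASHES = {
    "md5": "eda41d4aeb1a680f6f1115003347ac6e",
    "sha1": "094f662631a06c3efc7f6407c996a6aac4d3af00",
    "sha256": "855c742abd80826b49dc1e2cc9240fbf5afcf29772ed4a5fae078555dd0f9b64",
}
C2 = ("77.91.124.55", 19071)

# Run-key paths as Sysmon logs them; the hive prefix varies, so match on the
# lowercased substring rather than the full path.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass
class Event:
    """Simplified Sysmon event: 3 = network connection, 11 = file created,
    13 = registry value set. Field names follow Sysmon; values are constructed."""
    event_id: int
    image: str
    fields: dict


# Constructed events, not taken from the sandbox run (hypothetical paths/SID).
DROPPED = r"C:\Users\user\AppData\Local\Temp\svchost_update.exe"
EVENTS = [
    Event(11, r"C:\Users\user\Downloads\Rh0ES6EV.exe",
          {"TargetFilename": DROPPED}),
    Event(13, DROPPED,
          {"TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                           r"\Windows\CurrentVersion\Run\Updater",
           "Details": DROPPED}),
    Event(3, DROPPED,
          {"DestinationIp": C2[0], "DestinationPort": str(C2[1])}),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe",
          {"DestinationIp": "203.0.113.10", "DestinationPort": "443"}),
]


def c2_connections(events, c2=C2):
    """Network-connection events whose destination matches the extracted C2."""
    host, port = c2
    return [ev for ev in events
            if ev.event_id == 3
            and ev.fields.get("DestinationIp") == host
            and int(ev.fields.get("DestinationPort", 0)) == port]


def run_key_persistence(events):
    """(TargetObject, Details) for registry writes under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.event_id != 13:
            continue
        target = ev.fields.get("TargetObject", "")
        if any(marker in target.lower() for marker in RUN_KEY_MARKERS):
            hits.append((target, ev.fields.get("Details", "")))
    return hits


def dropped_and_executed(events):
    """Files created by an earlier event (ID 11) that later appear as the Image
    of any event: the behaviour behind "Executes dropped EXE"."""
    dropped, seen, executed = set(), set(), []
    for ev in events:
        key = ev.image.lower()
        if key in dropped and key not in seen:
            seen.add(key)
            executed.append(ev.image)
        if ev.event_id == 11:
            dropped.add(ev.fields["TargetFilename"].lower())
    return executed


def hash_verdict(data: bytes):
    """Per-algorithm match of `data` against the hashes in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() == expected
            for algo, expected in REPORT_HASHES.items()}


def triage(events):
    """Aggregate the behavioural checks into one summary dict."""
    return {
        "c2_beacons": len(c2_connections(events)),
        "run_keys": run_key_persistence(events),
        "dropped_executed": dropped_and_executed(events),
    }


if __name__ == "__main__":
    for name, value in triage(EVENTS).items():
        print(f"{name}: {value}")
```

The dropped-file check is order-sensitive on purpose: a file that is executed before any event records its creation is not counted, which is what you want when correlating a partial log window. Port comparison goes through int() because Sysmon exports DestinationPort as text, and the registry match is case-insensitive because hive and key casing differ between Sysmon and other sources.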