General
Target: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
Size: 913KB
Sample: 231011-y27lvscg74
MD5: 3b031be777ad59f4ef2798e5334bf00b
SHA1: d7a5673ac36b1cafeada08dd33461ff465ca01fa
SHA256: e5d89d247eaf052187a418439a1f1a6b1bc713b5e1937bcd9f730a9b0e7b99e9
SHA512: 7d2a0dd7b7e6d014cabd1634d7d5a9479339c5dd91ca7fab11f94e790af9f1db74b30b5c19552e2279c88edd2cd9d880183dea466256fc5838dc6aead8a9db99
SSDEEP: 24576:3lyXsnuYgC2mx28xdtdIGvtk/KaFW/OjC95SyN5bcKwiw:wcLVJx5dtdfv6iaIXiMwiw
Static task
static1
Behavioral task
behavioral1
Sample: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4.exe
Resource: win7-20230831-en
Behavioral task
behavioral2
Sample: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: tuxiu
C2: 77.91.124.82:19071
auth_value: 29610cdad07e7187eec70685a04b89fe
Targets
Target: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
Size: 957KB
MD5: da23352a594c97e931832f1ece7e3b1e
SHA1: 8eeb6854088d07502578b467ad716c39d985f7b6
SHA256: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
SHA512: 77de8c75004aae778baf63f83b6d54ae1772d80139653ae79ed67d828319589c8b73a7ade7e255356635701ffbaaf9f17df4900864df17ac94b945400ac9e901
SSDEEP: 24576:ey1Fu2uC2q1c8V5tHIGvLk/y2FI/IjC9RS4lvbG9bi2:t1BfX1v5tHfv462uFqLi
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext