General
- Target: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4
- Size: 567KB
- Sample: 231012-fg2k1aga21
- MD5: 2cc6cd76d79dcf0755db05f04f40f085
- SHA1: a2ff4b22b3da8cd8b2a8c8764f0071a3b7403ad7
- SHA256: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4
- SHA512: 4473555da2d416a288695c311e02f84ef615b2ffd5faf13d3ce3fbf857343bcd4d4053cf36d64dd0095b21e315a63e798f83d14db0ec615d0564b1a065bcf3e2
- SSDEEP: 12288:RMriy90qbRcrpfFoSiLHw/S71LzUpjlCM9tdTDD:TyN1crni8WzUpZCMZ
Static task: static1
Behavioral task: behavioral1
- Sample: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: trush
- C2: 77.91.124.82:19071
- auth_value: c13814867cde8193679cd0cad2d774be
Targets
- Target: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4
- Size: 567KB
- MD5: 2cc6cd76d79dcf0755db05f04f40f085
- SHA1: a2ff4b22b3da8cd8b2a8c8764f0071a3b7403ad7
- SHA256: bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4
- SHA512: 4473555da2d416a288695c311e02f84ef615b2ffd5faf13d3ce3fbf857343bcd4d4053cf36d64dd0095b21e315a63e798f83d14db0ec615d0564b1a065bcf3e2
- SSDEEP: 12288:RMriy90qbRcrpfFoSiLHw/S71LzUpjlCM9tdTDD:TyN1crni8WzUpZCMZ
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext