General
Target: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
Size: 1.0MB
Sample: 231012-g33wmaea87
MD5: e0a2918fcba6822fb2533a5af0580ccd
SHA1: b26f693bb5c86c572b3c436f7be692877842794f
SHA256: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
SHA512: ef568993bcdbca45c8eda3f01489c03630523453dc04a25d266788d6c667a1ac09e66dd948a922809cac3373385bdd92b5e095f43448a0fb5b1b6f3375d3eefe
SSDEEP: 12288:fMr/y90AK1aH4oyl7XlKTSyGOyuFR6OK/f+uuYfJw7cXWK4SRhRnX8fazlnQoktC:0ylCv5lpXPOy7fRjS7S5vRrnXb3Fh
Static task: static1
Behavioral task: behavioral1
  Sample: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
  tuxiu
  77.91.124.82:19071
  auth_value: 29610cdad07e7187eec70685a04b89fe
Targets
- Target: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
  Size: 1.0MB
  MD5: e0a2918fcba6822fb2533a5af0580ccd
  SHA1: b26f693bb5c86c572b3c436f7be692877842794f
  SHA256: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
  SHA512: ef568993bcdbca45c8eda3f01489c03630523453dc04a25d266788d6c667a1ac09e66dd948a922809cac3373385bdd92b5e095f43448a0fb5b1b6f3375d3eefe
  SSDEEP: 12288:fMr/y90AK1aH4oyl7XlKTSyGOyuFR6OK/f+uuYfJw7cXWK4SRhRnX8fazlnQoktC:0ylCv5lpXPOy7fRjS7S5vRrnXb3Fh
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext