General
Target: xY1ol9cz.exe
Size: 782KB
Sample: 231024-gwgd2sba9w
MD5: 40b509736f2336f0ae4798e08093be25
SHA1: aef0b5561edf2078238e0550b1468910c0730d2b
SHA256: 5570e3901d5acc58fb38547e39a9784bf614606e68618789df0d7e29da683d81
SHA512: 1e42ec6f3e618a4259c5c4b809f3109ff8807e5d83b7f37f541b3eba599f3fe153ea43002eabdfcc2bd4e5e21fc3ece00f95f35ae8c9c4cc09a61e0c07dad22d
SSDEEP: 12288:/Mray90a9vSkBkezQqbtzOyWHCqr8pJ+FqGQplIkXEFS1+gz4HRLhQWy:JywckLqdpC8efQDtEFS4gEHVy
Tasks
Static task: static1
Behavioral task: behavioral1 (sample xY1ol9cz.exe, resource win7-20231023-en)
Behavioral task: behavioral2 (sample xY1ol9cz.exe, resource win10-20231020-en)
Malware Config
Extracted family: redline
Botnet: kukish
C2: 77.91.124.55:19071
Targets
Target: xY1ol9cz.exe
Size: 782KB
MD5: 40b509736f2336f0ae4798e08093be25
SHA1: aef0b5561edf2078238e0550b1468910c0730d2b
SHA256: 5570e3901d5acc58fb38547e39a9784bf614606e68618789df0d7e29da683d81
SHA512: 1e42ec6f3e618a4259c5c4b809f3109ff8807e5d83b7f37f541b3eba599f3fe153ea43002eabdfcc2bd4e5e21fc3ece00f95f35ae8c9c4cc09a61e0c07dad22d
SSDEEP: 12288:/Mray90a9vSkBkezQqbtzOyWHCqr8pJ+FqGQplIkXEFS1+gz4HRLhQWy:JywckLqdpC8efQDtEFS4gEHVy
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (a common indicator of process hollowing: a suspended child process has its thread context rewritten to point at injected code)
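The behaviours listed above, turned into hunting logic over Sysmon-style telemetry. This is an added example and not part of the tria.ge report or its detection engine: the C2 address and SHA256 are copied from the report, while the event list, PIDs, user name and file paths are constructed sample data written to exercise the rules. "Suspicious use of SetThreadContext" is an API-trace observation from the sandbox with no direct Sysmon equivalent, so it is not covered here; the other four signatures and the C2 connection are.

```python
"""Hunt for the tria.ge signatures on this report in Sysmon-style events.

Added example, not the report's own code. IOCs below are from the report;
EVENTS is constructed sample telemetry using Sysmon field names.
"""
import re

# Indicators taken from the report.
C2_HOST = "77.91.124.55"
C2_PORT = 19071
SAMPLE_SHA256 = "5570e3901d5acc58fb38547e39a9784bf614606e68618789df0d7e29da683d81"

# Sysmon Event IDs used below.
PROCESS_CREATE, NETWORK_CONNECT, IMAGE_LOAD, FILE_CREATE, REG_VALUE_SET = 1, 3, 7, 11, 13

# HKLM/HKU ...\CurrentVersion\Run and RunOnce autostart values.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample events (hypothetical paths, PIDs and user), in time order.
EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Users\victim\Downloads\xY1ol9cz.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"EventID": 11, "ProcessId": 4120, "Image": r"C:\Users\victim\Downloads\xY1ol9cz.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 11, "ProcessId": 4120, "Image": r"C:\Users\victim\Downloads\xY1ol9cz.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 1, "ProcessId": 4388, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\victim\Downloads\xY1ol9cz.exe", "Hashes": "SHA256=" + "ab" * 32},
    {"EventID": 7, "ProcessId": 4388, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 13, "ProcessId": 4388, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 3, "ProcessId": 4388, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "DestinationIp": "77.91.124.55", "DestinationPort": 19071},
    # Benign noise: a browser talking to an unrelated host (documentation range IP).
    {"EventID": 3, "ProcessId": 900, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]


def hunt(events):
    """Return (signature, evidence) tuples in the order the behaviours are seen."""
    findings = []
    dropped = {}  # lower-cased path -> image of the process that wrote the file
    for ev in events:
        eid = ev["EventID"]
        if eid == FILE_CREATE:
            # Remember every file written; later executions/loads of it are "dropped".
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == PROCESS_CREATE:
            hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append(("Known sample executed", ev["Image"]))
            if ev["Image"].lower() in dropped:
                findings.append(("Executes dropped EXE", ev["Image"]))
        elif eid == IMAGE_LOAD:
            if ev["ImageLoaded"].lower() in dropped:
                findings.append(("Loads dropped DLL", ev["ImageLoaded"]))
        elif eid == REG_VALUE_SET:
            if RUN_KEY_RE.search(ev["TargetObject"]):
                findings.append(("Adds Run key to start application",
                                 ev["TargetObject"] + " -> " + ev["Details"]))
        elif eid == NETWORK_CONNECT:
            if ev["DestinationIp"] == C2_HOST and int(ev["DestinationPort"]) == C2_PORT:
                findings.append(("RedLine C2 connection",
                                 f"{ev['Image']} -> {C2_HOST}:{C2_PORT}"))
    return findings


def score(findings):
    """Crude triage score: number of distinct behaviours matched."""
    return len({sig for sig, _ in findings})


if __name__ == "__main__":
    hits = hunt(EVENTS)
    for sig, evidence in hits:
        print(f"[{sig}] {evidence}")
    print(f"distinct behaviours: {score(hits)}")
```

The dropped-file map is keyed on the lower-cased path because Sysmon logs paths as the caller supplied them and NTFS is case-insensitive; without that normalisation a loader that references `STAGE2.EXE` would slip past the "executes dropped EXE" rule. On real telemetry, feed `hunt()` events grouped per host and bounded in time, and treat the C2 rule as the high-confidence hit: the Run-key and dropped-file rules fire on plenty of legitimate installers on their own.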