General
Target: 2a96b4fac36efb0df7930f7fe19b9b6a
Size: 309KB
Sample: 231231-gg399sbaa6
MD5: 2a96b4fac36efb0df7930f7fe19b9b6a
SHA1: 9bbc377eeb1f58002cfea817f78efa91b16e85ec
SHA256: be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e
SHA512: 82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4
SSDEEP: 3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA
Static task: static1
Behavioral task: behavioral1
Sample: 2a96b4fac36efb0df7930f7fe19b9b6a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2a96b4fac36efb0df7930f7fe19b9b6a.exe
Resource: win10v2004-20231215-en
Malware Config (Extracted)
Family: redline
@DashyKnight
80.89.229.97:7479
Targets
Target: 2a96b4fac36efb0df7930f7fe19b9b6a
Size: 309KB
MD5: 2a96b4fac36efb0df7930f7fe19b9b6a
SHA1: 9bbc377eeb1f58002cfea817f78efa91b16e85ec
SHA256: be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e
SHA512: 82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4
SSDEEP: 3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA
Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory