General
- Target: OBS-Studio-30.1.2-Full-Installer-x64.exe
- Size: 128.3MB
- Sample: 240625-n54n9s1frr
- MD5: bce9a48d09577df4232002803be8b7e7
- SHA1: 89651d5a375fbe6c0b03e03d7bbd62dac314e2f2
- SHA256: a4a57464834be9fcea74d15fe5712dcf86e7c673d82706cdf8cfbc5aa9fea17f
- SHA512: 1d31e7b8a356db0d48f614b2f17ad760a9e4a0cd1e358613c328bf5a66c45094618ee520f5d2b1cfce9d5eeb5bd52b95bbe31a1390ead30c699c4cdf1a1084d9
- SSDEEP: 3145728:AxJfr5z+wXxayKEFtlKvbA7Nj3bfmSRcgQ/zjpcazd7jpk:UfVzHFt0U7NTD+ljpcaRZ
Static task
- static1

Behavioral task
- behavioral1
- Sample: OBS-Studio-30.1.2-Full-Installer-x64.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: OBS-Studio-30.1.2-Full-Installer-x64.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- Family: redline
- Botnet: xXx
- C2: 185.236.228.125:15140
Targets
- Target: OBS-Studio-30.1.2-Full-Installer-x64.exe
- Size: 128.3MB
- MD5: bce9a48d09577df4232002803be8b7e7
- SHA1: 89651d5a375fbe6c0b03e03d7bbd62dac314e2f2
- SHA256: a4a57464834be9fcea74d15fe5712dcf86e7c673d82706cdf8cfbc5aa9fea17f
- SHA512: 1d31e7b8a356db0d48f614b2f17ad760a9e4a0cd1e358613c328bf5a66c45094618ee520f5d2b1cfce9d5eeb5bd52b95bbe31a1390ead30c699c4cdf1a1084d9
- SSDEEP: 3145728:AxJfr5z+wXxayKEFtlKvbA7Nj3bfmSRcgQ/zjpcazd7jpk:UfVzHFt0U7NTD+ljpcaRZ
- Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext