General
Target: kljnsafdjhjkoh21oiu4hj1oi4jlksdafnmlkewsjnrkl3m4k1l24m2k1.lmofpdwskfmoewkmrlk;321kj41l4kj2l3;kmrfewl;gk,ewr.exe
Size: 1.3MB
Sample: 240715-adcvksydqn
MD5: ea368a517d295efbd0da95989df0e87e
SHA1: 3450211181fea3445af60a2baebbba8228521924
SHA256: 24a1826dd659598ac7f4462f58228a09414263f5e54cfa1d4bf1a1342d1f3353
SHA512: c899e54002fe965f0d161ffaeb69c3408153c9901d14642351e6ca9feace3ac69d7eafc22d0b98c0a76dcf2e9c8217c77c227a8c56c02589123aaa9dec775dc0
SSDEEP: 24576:no5/mrMm4XMZQx/OkmuRgsOK1pf/OGQdNzlA:o9mraMZQx/OkmuRgsOK1pf/OGQdNzlA
Static task
static1
Behavioral task
behavioral1
Sample
kljnsafdjhjkoh21oiu4hj1oi4jlksdafnmlkewsjnrkl3m4k1l24m2k1.lmofpdwskfmoewkmrlk;321kj41l4kj2l3;kmrfewl;gk,ewr.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
kljnsafdjhjkoh21oiu4hj1oi4jlksdafnmlkewsjnrkl3m4k1l24m2k1.lmofpdwskfmoewkmrlk;321kj41l4kj2l3;kmrfewl;gk,ewr.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
redline
@fraufraud
94.228.166.68:80
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Loads dropped DLL
Suspicious use of SetThreadContext