General
- Target: 9cf3a490991a8c8bf088d3e96258c0a0N.exe
- Size: 968KB
- Sample: 240820-1qd7aavepb
- MD5: 9cf3a490991a8c8bf088d3e96258c0a0
- SHA1: 0579860ae04ccfe20c59f86c99e060c9114179b3
- SHA256: b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c
- SHA512: e22e83bab96280aed6b329a4476ed5d24536a1f3eb662583bf32509868bb9523a4309e58a4f73528305285e7d8d1d5a566cd9207b167c1291f4dc3de1a978694
- SSDEEP: 12288:JXCeCOfdk+VhmheZCVtqO9bES8zOFHKPJi4/ubnYLlJ6Gug2tV3:PCMdk+VhpZCVtqxGKPJ3Lz45J
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9cf3a490991a8c8bf088d3e96258c0a0N.exe
  - Resource: win7-20240708-en
Behavioral task
- behavioral2
  - Sample: 9cf3a490991a8c8bf088d3e96258c0a0N.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: redline
- 5195552529
- https://pastebin.com/raw/NgsUAPya
Targets
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext