General
Target: 4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09
Size: 826KB
Sample: 241111-b455gszerh
MD5: 613a0dd4438ac1a30f6d9850d4d27833
SHA1: b4b56c8411c8c14134bc2acecd8f27d7e32bf206
SHA256: 4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09
SHA512: 1ac3dd0a3845cf97b05d859e19f90aceff24e8b0dec29d005a72c08a0fe7a2daac641d91258de061fc6a572389cf9c0727695840ef890a7e14adad65ce911fcd
SSDEEP: 24576:FyYV5IRu+Bh9jO/V49OYoZ2V71sEYwq0KCB65FeZ:gYrIRlJke9FbsETqwAX
Static task: static1
Behavioral task: behavioral1
Sample: 4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted (redline)
Botnet: crypt1
C2: 176.113.115.17:4132
auth_value: 2e2ca7bbceaa9f98252a6f9fc0e6fa86
Extracted (redline)
Botnet: romka
C2: 193.233.20.11:4131
auth_value: fcbb3247051f5290e8ac5b1a841af67b
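The two extracted configs above are the actionable part of this report: each gives a botnet ID, a C2 socket (IP:port) and the per-build auth_value the client presents to the panel. The script below is an added example, not tria.ge code, showing how a responder would turn those configs into indicators, sweep connection logs for them, and emit Suricata rules. The log lines are constructed for illustration, and the sid range in the rules is an assumption to be replaced with one from your own ruleset.

```python
"""Turn the RedLine configs extracted above into IOCs and sweep a connection log for them.

Added example, not part of the tria.ge report. Log lines and the Suricata sid range
are constructed / assumed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report above.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "crypt1", "c2": "176.113.115.17:4132",
     "auth_value": "2e2ca7bbceaa9f98252a6f9fc0e6fa86"},
    {"family": "redline", "botnet": "romka", "c2": "193.233.20.11:4131",
     "auth_value": "fcbb3247051f5290e8ac5b1a841af67b"},
]


@dataclass(frozen=True)
class C2:
    ip: str
    port: int
    botnet: str
    auth_value: str


def parse_configs(configs):
    """Normalise the extracted configs into C2 records; a malformed host raises ValueError."""
    out = []
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        ip = str(ipaddress.ip_address(host))  # validates the address, rejects hostnames/garbage
        out.append(C2(ip, int(port), cfg["botnet"], cfg["auth_value"]))
    return out


# Constructed connection-log lines (Zeek conn.log-like layout): ts, src, dst, dst_port, proto.
# The last line hits a C2 address on a port the config does not list, so it must NOT match.
SAMPLE_CONN_LOG = """\
1731300001.10\t10.0.0.5\t176.113.115.17\t4132\ttcp
1731300002.20\t10.0.0.5\t142.250.74.78\t443\ttcp
1731300003.30\t10.0.0.7\t193.233.20.11\t4131\ttcp
1731300004.40\t10.0.0.7\t193.233.20.11\t443\ttcp
"""


def sweep_conn_log(log_text, c2s):
    """Return (src_ip, C2) pairs for connections to a configured C2 on its configured port."""
    index = {(c.ip, c.port): c for c in c2s}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, dport, _proto = line.split("\t")
        c2 = index.get((dst, int(dport)))
        if c2 is not None:
            hits.append((src, c2))
    return hits


def suricata_rules(c2s, base_sid=9000001):
    """One alert rule per C2 socket. base_sid is an assumed private sid range."""
    rules = []
    for i, c in enumerate(c2s):
        rules.append(
            f'alert tcp $HOME_NET any -> {c.ip} {c.port} '
            f'(msg:"RedLine C2 botnet {c.botnet}"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2s = parse_configs(EXTRACTED_CONFIGS)
    for src, c2 in sweep_conn_log(SAMPLE_CONN_LOG, c2s):
        print(f"{src} -> {c2.ip}:{c2.port} (botnet {c2.botnet}, auth {c2.auth_value})")
    print("\n".join(suricata_rules(c2s)))
```

The sweep keys on the full (IP, port) pair because RedLine panels are commonly reached on a non-standard port and the same address may legitimately serve other traffic; loosen it to IP-only when hunting for earlier or later builds pointed at the same host. The auth_value is kept on the record so a hit can be tied back to the specific build and botnet ID.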
Targets
Target: 4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09 (826KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a .NET infostealer written in C#, first appearing in early 2020; it harvests browser credentials, cookies, cryptocurrency wallets and other data and reports to the configured C2.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (typical of process hollowing, where the stealer is injected into a suspended host process)