General
- Target: 20540f8cbd1837c3d99da3b542a7155d.exe
- Size: 687KB
- Sample: 221021-r7edyaffe2
- MD5: 20540f8cbd1837c3d99da3b542a7155d
- SHA1: 1b33b15b168d69b6d594ea049f8d92812f25b9a6
- SHA256: a0bf7c1184092027ccea8b4381e7f359662bcc317ac4c7a2e02459d1b66d9da6
- SHA512: 2ab4669b9429aab13e43993e6dd7cdbcfdaa0c8942364081bc8ace85997c6b641769615f54f41ba1e7751fbd83639644f533294392617c201e6951c9188e2de0
- SSDEEP: 3072:9ahKyd2n31s5nFiizBaaAjLtdyuIIkIA4QWMHb030FhCt64yo:9ahOABdGLnyuIIkIxV0FB
Static task
- static1
Behavioral task
- behavioral1: Sample 20540f8cbd1837c3d99da3b542a7155d.exe, Resource win7-20220901-en
- behavioral2: Sample 20540f8cbd1837c3d99da3b542a7155d.exe, Resource win10v2004-20220901-en
Malware Config
Extracted: redline
- Testing
- 46.3.199.124:27968
- auth_value: 2e03f2e71c0fde73929d6d088968e2de
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext