General
Target: file
Size: 2.1MB
Sample: 230202-t4xr8aag57
MD5: d1433f5b2eada044678af57d87ee31e5
SHA1: 0493152ee8d18335fa5043be0f80d12331f2ea00
SHA256: 95702883e883a7fa3f7f20ecf6713b03cd00469644d777b73f36351db97ef3c2
SHA512: 80dcff2d4e4001d8adb4eff0963921e4335c80bde476492996e74762918663bc84627ae9ca73023f75f799143d3101939ce0a599fafa164f9750481e4bb680c2
SSDEEP: 49152:V5OaOl3UYvrbFueD40EJbAXOUghn/WsAXZ//t:V59Q3UYvrBusTM8OUgNLY
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220901-en)
Malware Config
Extracted family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 51.210.137.6:47909
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: file (same hashes as listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext