General
Target: 938673925454f6f669e6a41f271eab06.exe
Size: 2.6MB
Sample: 230415-kepwmsde58
MD5: 938673925454f6f669e6a41f271eab06
SHA1: d5999b564fc9dcfff98bc41ff81db13bc1265f17
SHA256: e40fead052850b5d2c4ef6d699c15af82eaee437784b0f359abf5dcc78852b8a
SHA512: 17a6c314588efe7da5f9edf109afaf351bd66bc5c2f8706c036f0ae37f206d4cbb8c37225050fc82b1d4099bb576c933d9224bffca04d0756b482077bafa61ec
SSDEEP: 49152:IBJ3XfUVsjwRiI38ihJkravhRJVlsVLR7Ideh9EUkUtxheicMSN:y1XfUVsjwsGhJk0hRJcGdehGQ07
Static task: static1
Behavioral task: behavioral1 (sample 938673925454f6f669e6a41f271eab06.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 938673925454f6f669e6a41f271eab06.exe, resource win10v2004-20230220-en)
Malware Config
Extracted: redline
Botnet ID: red1
C2: 79.137.202.0:81
auth_value: 149c864a8f73ae7e8a9904bc94f60da1
Extracted: laplas
C2: http://79.137.199.252
api_key: ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Targets
Target: 938673925454f6f669e6a41f271eab06.exe (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext (a process-injection primitive, typically seen in process hollowing)