General
-
Target
147a61d2d356cac310284d794434efb2be9fad4511d42612cbe4fd1667316c89
-
Size
1.5MB
-
Sample
230504-l78pwsbe94
-
MD5
a676a528385d54d6bf1e2e7e6f236f09
-
SHA1
930fab09126b0e5d6b92bcc6990d9aef9635b1c4
-
SHA256
147a61d2d356cac310284d794434efb2be9fad4511d42612cbe4fd1667316c89
-
SHA512
a621cc2e9dba98b0b09fe8cc55e632f68b08ce74bde3267a56c9a5163a1bd863d57ffac3954ae2d3ff154924f262f2ec47573a9df13107ca77bbe5cff510ffca
-
SSDEEP
24576:qyUeQePEWbH8S88INvScyT/F/uJAgPAIeeJP7o9HHKixKNQs9GU9vx:xU5Fi08I9a5/uaW7sHHfKaaFx
Static task
static1
Behavioral task
behavioral1
Sample
147a61d2d356cac310284d794434efb2be9fad4511d42612cbe4fd1667316c89.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
boom
217.196.96.56:4138
-
auth_value
1ce6aebe15bac07a7bc88b114bc49335
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofencing check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
Suspicious use of SetThreadContext
-