General
- Target: 6e03d1e3c363907151d66c7c12ff99d55fce1f467b8a903d5c985640656ac083
- Size: 600KB
- Sample: 230504-lvmlwsbd65
- MD5: 4fe35b7a52b6d2b607a84e28a3fde4e0
- SHA1: 46907876d87c47755932b70cf20f5baa61e9a766
- SHA256: 6e03d1e3c363907151d66c7c12ff99d55fce1f467b8a903d5c985640656ac083
- SHA512: cef04c41a61d8a6bd3e37d71d663dac9466c586270ec2164338ed2c69289afe4d2e5d5a3c84bdbe5f04f174d6dc4ffb46523e79e423cd3a63fba136e20fb32b9
- SSDEEP: 12288:OMrKy90igqznx0y5gt7lfNmJBtPjziC7VGRlVyv1I:gyNfaNQBlj+C7UjVym
Static task: static1
Behavioral task: behavioral1
- Sample: 6e03d1e3c363907151d66c7c12ff99d55fce1f467b8a903d5c985640656ac083.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- daris
- 217.196.96.56:4138
- auth_value: 3491f24ae0250969cd45ce4b3fe77549
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext