General
- Target: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.bin
- Size: 875KB
- Sample: 230511-w9xerahf24
- MD5: 1f060c2b8b90496ce9e40f3d97b39da9
- SHA1: f2a10dd0d743b4d7e503e16ccb690bb568454b82
- SHA256: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01
- SHA512: 128f62b211609695e11a338f8c165c956410afda012bec01c76def8b91515cad85505c41f96a25a1d631920d9e1db45639cf74a1e5df4a0ff2c8f29121d7134b
- SSDEEP: 24576:Zyw+o2+3snRmsSDY4Cgh6sCWylRFvfXl1BB:MZSKihtcrJXlz
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: mixer
- C2: 185.161.248.75:4132
- auth_value: 3668eba4f0cb1021a9e9ed55e76ed85e

Extracted
- Family: redline
- Botnet: roza
- C2: 185.161.248.75:4132
- auth_value: 3e701c8c522386806a8f1f40a90873a7
Targets
- Target: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.bin
- Size: 875KB
- MD5: 1f060c2b8b90496ce9e40f3d97b39da9
- SHA1: f2a10dd0d743b4d7e503e16ccb690bb568454b82
- SHA256: 94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01
- SHA512: 128f62b211609695e11a338f8c165c956410afda012bec01c76def8b91515cad85505c41f96a25a1d631920d9e1db45639cf74a1e5df4a0ff2c8f29121d7134b
- SSDEEP: 24576:Zyw+o2+3snRmsSDY4Cgh6sCWylRFvfXl1BB:MZSKihtcrJXlz
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofencing check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext