General
- Target: cb1c991990f8f38890a1be6e379656064897693c68fbb4fbf59bda98165d5993
- Size: 877KB
- Sample: 230512-f87w4abh93
- MD5: 02bce093c03d75cfd6adfcdbc986bdce
- SHA1: 2b5a3d9948cc89f8b0254b0d4bd969eb13f5db9e
- SHA256: cb1c991990f8f38890a1be6e379656064897693c68fbb4fbf59bda98165d5993
- SHA512: 913bdf2384f6767f5af4448661a54263dbef609574752a3372ea617dd58cbceebe7ccd021047c9b7981600d7a8f421d195410407ad2731e527ded478b400cedd
- SSDEEP: 24576:WyPA5F+ehJrgXNsX7LqPcMywZBKlRksXUU+BR9NJ:lPAvhhFQSLLHizsXUdRT
Static task
- static1
Behavioral task
- behavioral1
- Sample: cb1c991990f8f38890a1be6e379656064897693c68fbb4fbf59bda98165d5993.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- redline
- dimas
- 185.161.248.75:4132
- auth_value: a5db9b1c53c704e612bccc93ccdb5539
Extracted
- redline
- roza
- 185.161.248.75:4132
- auth_value: 3e701c8c522386806a8f1f40a90873a7
Targets
- Target: cb1c991990f8f38890a1be6e379656064897693c68fbb4fbf59bda98165d5993
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext