General
- Target: c2dd8beae6f126112d22472a3d4ba06b8a3617e83dd7c7d2d3d7cee250dc1f1a
- Size: 876KB
- Sample: 230512-jgwljacc33
- MD5: a4242335ad4e631ad9e2ed485e464a24
- SHA1: 0df9bc1a0d49be4564ae8acafb2bdf203b1d08c6
- SHA256: c2dd8beae6f126112d22472a3d4ba06b8a3617e83dd7c7d2d3d7cee250dc1f1a
- SHA512: d17331431d5edfca6b298767504c18d3e967c4d0ca429ec14cc8d467843ca66d9ab66db3abf0eb13fcbdde427c83220fea9398ae3ee382e21697f9f99cd51043
- SSDEEP: 24576:OyyJFHr2WgY8t4smYiaHV282ACilcAI1WK:dQFL2Wgu5aHV2dARaAI1W

Static task: static1
Behavioral task: behavioral1
- Sample: c2dd8beae6f126112d22472a3d4ba06b8a3617e83dd7c7d2d3d7cee250dc1f1a.exe
- Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
- dimas
- 185.161.248.75:4132
- auth_value: a5db9b1c53c704e612bccc93ccdb5539
Extracted: redline
- roza
- 185.161.248.75:4132
- auth_value: 3e701c8c522386806a8f1f40a90873a7

Targets
- Target: c2dd8beae6f126112d22472a3d4ba06b8a3617e83dd7c7d2d3d7cee250dc1f1a
- Size: 876KB
- MD5: a4242335ad4e631ad9e2ed485e464a24
- SHA1: 0df9bc1a0d49be4564ae8acafb2bdf203b1d08c6
- SHA256: c2dd8beae6f126112d22472a3d4ba06b8a3617e83dd7c7d2d3d7cee250dc1f1a
- SHA512: d17331431d5edfca6b298767504c18d3e967c4d0ca429ec14cc8d467843ca66d9ab66db3abf0eb13fcbdde427c83220fea9398ae3ee382e21697f9f99cd51043
- SSDEEP: 24576:OyyJFHr2WgY8t4smYiaHV282ACilcAI1WK:dQFL2Wgu5aHV2dARaAI1W

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext