General
- Target: 3dc0142063fd573df11805fc58463acc7b64690e69cedb67242a7fad93d5df1d
- Size: 875KB
- Sample: 230512-k3ncqace46
- MD5: 48bfda6faf3e3b0e7c5e2d7a20cdb079
- SHA1: 7a282b1899d57eeb3597769544f4f50522c4273f
- SHA256: 3dc0142063fd573df11805fc58463acc7b64690e69cedb67242a7fad93d5df1d
- SHA512: 8f70923f9a203219a97d93bce193ee4ca9e0965fac5f840cca63c097a327a2d4c4f46d9efc2d86d7a6234247959ae906590a32266176c9ea4fa71b35e4e80b41
- SSDEEP: 24576:EyOe4fFl6Plk0EkEfnvN2y6su2ezYN5lCFfg:TOlQkxkEfV2yXjnN5lCJ
Static task: static1
Behavioral task: behavioral1
- Sample: 3dc0142063fd573df11805fc58463acc7b64690e69cedb67242a7fad93d5df1d.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- mizer
- 185.161.248.75:4132
- auth_value: 353ae46e71ea5671b9ed097b65a8a2be
Extracted: redline
- jamba
- 185.161.248.75:4132
- auth_value: b01bf275593de07ba204560db44b861a
Targets
- Target: 3dc0142063fd573df11805fc58463acc7b64690e69cedb67242a7fad93d5df1d
- Size: 875KB
- MD5: 48bfda6faf3e3b0e7c5e2d7a20cdb079
- SHA1: 7a282b1899d57eeb3597769544f4f50522c4273f
- SHA256: 3dc0142063fd573df11805fc58463acc7b64690e69cedb67242a7fad93d5df1d
- SHA512: 8f70923f9a203219a97d93bce193ee4ca9e0965fac5f840cca63c097a327a2d4c4f46d9efc2d86d7a6234247959ae906590a32266176c9ea4fa71b35e4e80b41
- SSDEEP: 24576:EyOe4fFl6Plk0EkEfnvN2y6su2ezYN5lCFfg:TOlQkxkEfV2yXjnN5lCJ
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext