Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920
-
Size
1.1MB
-
Sample
230513-jcv47sfg49
-
MD5
57098189c9ac0035b8d01948654fd88e
-
SHA1
c13d0ac4885280f8de54bd6ffaa9c276cd1a9d92
-
SHA256
67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920
-
SHA512
8b1e68c065dfa3dc5cc8990c9bfe4642c870fe7aa4477de5e66f586f6b51163d12cccacc8edc9325534a1d8f274c82633ca232a035cde08971c844c49543fd9e
-
SSDEEP
24576:vyCJKUY/fRnhGN9+EPM8K9RyLtKhjSpK/7Od/8hzjAkCxkxp:6n3BhGn+gM19RyJKh8pWVx
Static task
static1
Behavioral task
behavioral1
Sample
67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
doma
185.161.248.75:4132
-
auth_value
8be53af7f78567706928d0abef953ef4
Extracted
redline
joana
185.161.248.75:4132
-
auth_value
85090ed112d639bb782481da2912487a
Targets
-
-
Target
67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920
-
Size
1.1MB
-
MD5
57098189c9ac0035b8d01948654fd88e
-
SHA1
c13d0ac4885280f8de54bd6ffaa9c276cd1a9d92
-
SHA256
67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920
-
SHA512
8b1e68c065dfa3dc5cc8990c9bfe4642c870fe7aa4477de5e66f586f6b51163d12cccacc8edc9325534a1d8f274c82633ca232a035cde08971c844c49543fd9e
-
SSDEEP
24576:vyCJKUY/fRnhGN9+EPM8K9RyLtKhjSpK/7Od/8hzjAkCxkxp:6n3BhGn+gM19RyJKh8pWVx
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-