General
Target: e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde
Size: 1.1MB
Sample: 230514-j76t7ade6v
MD5: 524136e2377c536c2586c9971ccc5d9c
SHA1: 8a23ed99e5680a68ff5b9a346dc895fc16dd2acc
SHA256: e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde
SHA512: ef9f730a227a7ebe4c9030209f84a9e92523d59b7636b2439b481eb2f7c208b8adca79afb40da9361e4e976b52e2dd29a14a74cc7de1018254d928c8c94ec638
SSDEEP: 24576:FyIvtXvTuL03T9Py6plEClrbT3uvSkw1Fopzy7I6hc2JVoACngc0o:gIljjdbD3u67FSG7I622HCngR
Static task: static1
Behavioral task: behavioral1
Sample: e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- luka
  185.161.248.75:4132
  auth_value: 44560bcd37d6bf076da309730fdb519a
Extracted: redline
- terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde (same sample and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext