General
Target: 8e932013bdc079805765b23e6249a301935deae9447927cf47b2d553f2d5a32f
Size: 1.1MB
Sample: 230514-sakp5aee5v
MD5: 5f7ac41055a7b0fee11a12df6abecffa
SHA1: c34dc235709f8f4f77abbd4586ac8fdd33bb25c2
SHA256: 8e932013bdc079805765b23e6249a301935deae9447927cf47b2d553f2d5a32f
SHA512: 5afe79df0366e4a3b09f2530c463234aab12faa5fe17f0bcc234bc2d38e45c3e0739310b3d8387e7114a69ef9659b0076227c8b9bd85241391c9cac37e1ddd2a
SSDEEP: 24576:ky+ADgi6+/e7JYfpv/A3jai+nOKkIb96yzWaLc+nFS1bx13FCYFaTNgHgotUy:z+Akpke8pv/A3+iRxEFnajNFfc6tU
Static task: static1
Behavioral task: behavioral1
Sample: 8e932013bdc079805765b23e6249a301935deae9447927cf47b2d553f2d5a32f.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: derek
C2: 185.161.248.75:4132
auth_value: c7030724b2b40537db5ba680b1d82ed2
Extracted
Family: redline
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext