General
Target: c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe
Size: 1.1MB
Sample: 230514-w6nnfacg66
MD5: c2d2c2abfa0804f6f007301b70a04340
SHA1: 4b0ccb4a94a42861cf511fe91d930b2064b40dcf
SHA256: c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f
SHA512: e645497abcff50452d7d3f9650a2a373619e929ac8579273b598c0f1022736f2d3e418ee213c151930f6ee8fda82952ced990142a99e836b763ef48458f1d596
SSDEEP: 24576:myHsfkwIO9IOmD9IlEokBl3SirSAykdEpfKhcVQmMytMpEKcYsnGVw5:1HsMjO9IO2yEokD3VuAuJKhetMpvvV
Static task: static1
Behavioral task: behavioral1 (sample c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe, resource win10v2004-20230220-en)
Malware Config
Extracted: redline
Botnet: miran
C2: 185.161.248.75:4132
auth_value: f1084732cb99b2cbe314a2a565371e6c
Extracted: redline
Botnet: raven
C2: 185.161.248.75:4132
auth_value: 8b22c01d6173ecee1376933bc63c6028
Both extracted configurations point at the same C2 endpoint, 185.161.248.75:4132, and differ only in botnet ID and auth_value; the host:port pair is the indicator to block or alert on, the auth_value is what distinguishes the two builds.
Targets
Target: c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence so the stealer can refuse to run on machines in excluded regions.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: writes an autostart entry under the Windows Run key so the payload is launched again at each logon.
- Checks installed software on the system: enumerates the Uninstall key entries in the registry to build a list of installed software.
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the step that redirects execution in process hollowing and thread-hijacking injection, which is why the call is flagged.
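The extracted configuration and the behavioural signatures above can be turned into a small detection pass. The following is an added example, not part of the Triage report or of any RedLine tooling, that matches those indicators against constructed Sysmon-style events and emits a Suricata rule for the C2 tuple. The C2 host:port, botnet IDs, auth_values and hashes are copied from the report; the event records, the "Updater" Run value name and the Control Panel\International\Geo registry path are assumptions made for the example. One caveat worth noting: Sysmon records registry writes but not reads, so the Uninstall-key enumeration and the location check are only visible from a sandbox or an EDR that logs registry queries.

```python
"""Match the indicators from the Triage report above against event telemetry.

Added example, not part of the Triage report or of the RedLine analysis tooling.
IOC values (C2 host:port, botnet IDs, auth_values, hashes) are copied from the
report; the events below are constructed for illustration, not real telemetry.
"""

# Malware Config: two extracted RedLine configs, same C2, different botnet/auth.
REDLINE_C2 = ("185.161.248.75", 4132)
REDLINE_BOTNETS = {
    "miran": "f1084732cb99b2cbe314a2a565371e6c",
    "raven": "8b22c01d6173ecee1376933bc63c6028",
}
SAMPLE_SHA256 = "c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f"
SAMPLE_MD5 = "c2d2c2abfa0804f6f007301b70a04340"

# Registry paths behind the report's behavioural signatures (lower-cased, matched
# as substrings of the full path).  The Run and Uninstall keys are the standard
# Windows locations; the International\Geo path is an assumption about which
# "country code" value the location check reads.
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall"
GEO_KEY = "\\control panel\\international\\geo"


def classify_event(ev: dict) -> list[str]:
    """Return the report signatures a single normalised event matches."""
    hits = []
    kind = ev.get("type")
    if kind == "network":
        # Match the exact host:port tuple; the same host on another port is not the C2.
        if (ev.get("dst_ip"), ev.get("dst_port")) == REDLINE_C2:
            hits.append("redline_c2_connection")
    elif kind == "registry":
        path = ev.get("path", "").lower()
        op = ev.get("op")
        if op == "set" and RUN_KEY in path:
            hits.append("run_key_persistence")
        if op == "query" and UNINSTALL_KEY in path:
            hits.append("installed_software_enumeration")
        if op == "query" and GEO_KEY in path:
            hits.append("location_check")
    elif kind == "process":
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append("known_sample_hash")
    return hits


def summarize(events: list[dict]) -> dict[str, int]:
    """Count how many events matched each signature."""
    counts: dict[str, int] = {}
    for ev in events:
        for hit in classify_event(ev):
            counts[hit] = counts.get(hit, 0) + 1
    return counts


def suricata_rule(sid: int = 1000001) -> str:
    """Build a Suricata rule for the extracted C2 tuple (sid is a local-range placeholder)."""
    ip, port = REDLINE_C2
    botnets = "/".join(sorted(REDLINE_BOTNETS))
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 connection (botnets {botnets})"; '
        f"flow:to_server; reference:md5,{SAMPLE_MD5}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed events in a Sysmon-like shape.  Sysmon itself only records registry
# writes (events 12/13), so the two "query" events below would have to come from
# a sandbox or an EDR with registry-read telemetry.
SAMPLE_EVENTS = [
    {"type": "process", "sha256": SAMPLE_SHA256,
     "image": r"C:\Users\user\Desktop\c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe"},
    {"type": "registry", "op": "query",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "op": "query",
     "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    # "Updater" is a hypothetical value name; the report does not give one.
    {"type": "registry", "op": "set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "network", "dst_ip": "185.161.248.75", "dst_port": 4132},
    {"type": "network", "dst_ip": "185.161.248.75", "dst_port": 443},
]

if __name__ == "__main__":
    for name, count in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{name}: {count}")
    print(suricata_rule())
```

The network match is deliberately on the full host:port tuple rather than the IP alone, since a shared hosting address can carry unrelated traffic; widen it to the IP only if the address is confirmed dedicated to this infrastructure. The registry matching uses a trailing backslash on the Run key so that RunOnce and other sibling keys are not swept in.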