General
- Target: dc7a1d68ff7da9cf2f842d9c2d0bae516917b49bcf12356c67805e2c93a138a5.exe
- Size: 1.1MB
- Sample: 230514-w8rg4sda27
- MD5: 2867927898a5c3103720de2efa94bfb5
- SHA1: e16af85adb2187b29213f0e02242cd394f1ee382
- SHA256: dc7a1d68ff7da9cf2f842d9c2d0bae516917b49bcf12356c67805e2c93a138a5
- SHA512: 93e35d08e548eca42e13eba6fa9de32ef5cabe875c7af6cd0ed2eb41d4b4b725bfc1ca5b267ac27561ec54fe40a106522b946a162c7e7c298b04f3856761181e
- SSDEEP: 24576:mygyZgTE+aBSJAc9PWzfYibFAourOL7eFi7MbL9HPY:1gyWJaBSJAcIfn2ryqE7u
Static task
- static1
Behavioral task
- behavioral1
  - Sample: dc7a1d68ff7da9cf2f842d9c2d0bae516917b49bcf12356c67805e2c93a138a5.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: dc7a1d68ff7da9cf2f842d9c2d0bae516917b49bcf12356c67805e2c93a138a5.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, dogma, 185.161.248.75:4132
- auth_value: d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted: redline, terra, 185.161.248.75:4132
- auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
- Target: dc7a1d68ff7da9cf2f842d9c2d0bae516917b49bcf12356c67805e2c93a138a5.exe
- Size: 1.1MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext