General
Target: 0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c
Size: 1.1MB
Sample: 230515-1hbq7aac68
MD5: 1e401ee79958f4d9745e03d67f21c773
SHA1: 9598ea41fcd2ecc8ff25f9b2ace110938b34a329
SHA256: 0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c
SHA512: 61de776d0f90f0c39e2579df79c4dbfdc51f1ad05c076cb604cf6a2b428d73b2afa1fa55849880c30c869abc67837aa595d9c793d12ec5d373b7e1278d3e1365
SSDEEP: 24576:AyTca9lWXbIE/S+TEAngpZN6qFl+eEQOH2XEbme/7r9/9fx5b7:HAElkb1LEAnAZ+DsEKe/7p/Jxd
Static task: static1
Behavioral task: behavioral1
Sample: 0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: maza
C2: 185.161.248.25:4132
auth_value: 474d54c1c2f5291290c53f8378acd684
Extracted
Family: redline
Botnet: sister
C2: 185.161.248.25:4132
auth_value: 61021810f83e6d5e6ff303aaac03c0e1
Both extracted configurations point at the same C2 endpoint and differ only in botnet name and auth_value, so one network indicator covers both.
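Copying hashes and C2 endpoints out of a report by hand is where triage notes go wrong. The following is an added example (not tria.ge's code and not part of the original page) that parses the raw text layout a tria.ge report page flattens to when copied (key on one line, value on the next, "-" separators), checks that every hash has the right length and that the Target id equals the SHA256, and dedupes the C2 endpoints into (ip, port) pairs. The embedded report text is constructed from this page's own values; the function names and the `validate`/`iocs` checks are my choices.

```python
"""Parse the raw flattened text of a tria.ge report page into structured data
and pull out hunt-ready IOCs. Added example, not tria.ge's own code."""
import re
from typing import Dict, List

# Constructed input: this page's General and Malware Config values, in the
# copied-page layout (key line, value line, "-" separators between fields).
REPORT_TEXT = """General
-
Target
0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c
-
MD5
1e401ee79958f4d9745e03d67f21c773
-
SHA1
9598ea41fcd2ecc8ff25f9b2ace110938b34a329
-
SHA256
0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c
-
SHA512
61de776d0f90f0c39e2579df79c4dbfdc51f1ad05c076cb604cf6a2b428d73b2afa1fa55849880c30c869abc67837aa595d9c793d12ec5d373b7e1278d3e1365
-
SSDEEP
24576:AyTca9lWXbIE/S+TEAngpZN6qFl+eEQOH2XEbme/7r9/9fx5b7:HAElkb1LEAnAZ+DsEKe/7p/Jxd
Malware Config
Extracted
redline
maza
185.161.248.25:4132
-
auth_value
474d54c1c2f5291290c53f8378acd684
Extracted
redline
sister
185.161.248.25:4132
-
auth_value
61021810f83e6d5e6ff303aaac03c0e1
"""

GENERAL_KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_report(text: str) -> Dict:
    """Walk the flattened lines; a known key consumes the following line as its value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    report: Dict = {"general": {}, "configs": []}
    i = 0
    while i < len(lines):
        tok = lines[i]
        if tok in GENERAL_KEYS and i + 1 < len(lines):
            report["general"][tok] = lines[i + 1]
            i += 2
        elif tok == "Extracted" and i + 2 < len(lines):
            # Config layout on the page: family, botnet, C2 endpoint(s), then auth_value.
            cfg = {"family": lines[i + 1], "botnet": lines[i + 2], "c2": []}
            i += 3
            while i < len(lines) and C2_RE.match(lines[i]):
                cfg["c2"].append(lines[i])
                i += 1
            if i + 1 < len(lines) and lines[i] == "auth_value":
                cfg["auth_value"] = lines[i + 1]
                i += 2
            report["configs"].append(cfg)
        else:
            i += 1  # section headings and anything unrecognised
    return report


def validate(report: Dict) -> List[str]:
    """Checks a triager runs before trusting copied values: hex length, Target == SHA256."""
    g, problems = report["general"], []
    for name, n in HASH_LEN.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, g.get(name, "")):
            problems.append(f"{name}: expected {n} lowercase hex chars")
    if g.get("Target") != g.get("SHA256"):
        problems.append("Target id does not equal SHA256")
    for cfg in report["configs"]:
        if not re.fullmatch(r"[0-9a-f]{32}", cfg.get("auth_value", "")):
            problems.append(f"{cfg['botnet']}: auth_value is not 32 hex chars")
    return problems


def iocs(report: Dict) -> Dict[str, list]:
    """Deduplicated indicators: (ip, port) C2 pairs, file hashes, botnet names, auth_values."""
    cfgs, g = report["configs"], report["general"]
    c2 = {(m.group(1), int(m.group(2))) for c in cfgs for m in map(C2_RE.match, c["c2"]) if m}
    return {"c2": sorted(c2),
            "hashes": [g[k] for k in ("MD5", "SHA1", "SHA256") if k in g],
            "botnets": sorted(c["botnet"] for c in cfgs),
            "auth_values": sorted(c["auth_value"] for c in cfgs if "auth_value" in c)}


if __name__ == "__main__":
    r = parse_report(REPORT_TEXT)
    print(validate(r) or "report consistent", iocs(r))
```

The two configs collapse to a single C2 pair, which is what a blocklist needs; the botnet names and auth_values stay separate because they distinguish campaigns, not infrastructure.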
Targets
Target: 0b45c12afd9155f0e6d1f80407f5b755a3acf6e1c71bacacb3510d1ecdc75f3c
Size: 1.1MB
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: persistence through a value under a CurrentVersion\Run registry key.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step that redirects execution into injected code, as in process hollowing.
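Each of the behavioural signatures above corresponds to something observable in a per-process trace: a read of the locale/GeoID keys under Control Panel\International, enumeration of several subkeys under CurrentVersion\Uninstall, a value written under a Run key, and the suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread sequence. The following is an added example, not tria.ge's signature code: the trace format (one dict per event), the sample events and the enumeration threshold are my assumptions, while the registry paths are the real locations those signatures refer to.

```python
"""Map the behavioural signatures on this page onto a per-process trace.
Added example, not tria.ge's signature code: the trace format and the
thresholds are assumptions; the registry paths are the real locations."""
from collections import defaultdict
from typing import Dict, List

# Constructed trace in the spirit of a sandbox registry/API log.
# pid 100 plays the dropped executable; pid 200 is benign noise.
UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
TRACE: List[Dict] = [
    {"pid": 100, "op": "RegQueryValue", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 100, "op": "RegOpenKey", "target": UNINST + r"\{A1}"},
    {"pid": 100, "op": "RegOpenKey", "target": UNINST + r"\{B2}"},
    {"pid": 100, "op": "RegOpenKey", "target": UNINST + r"\{C3}"},
    {"pid": 100, "op": "RegSetValue", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 100, "op": "CreateProcess", "target": r"C:\Users\x\AppData\Local\Temp\a.exe", "flags": "CREATE_SUSPENDED"},
    {"pid": 100, "op": "WriteProcessMemory", "target": "a.exe"},
    {"pid": 100, "op": "SetThreadContext", "target": "a.exe"},
    {"pid": 100, "op": "ResumeThread", "target": "a.exe"},
    {"pid": 200, "op": "RegOpenKey", "target": UNINST + r"\{A1}"},
    {"pid": 200, "op": "SetThreadContext", "target": "self"},  # no injection sequence around it
]

# Matching is case-insensitive on backslash-delimited path fragments.
GEO_KEYS = ("\\control panel\\international\\geo\\", "\\control panel\\international\\locale")
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
RUN_KEY = "\\currentversion\\run\\"
# Classic hollowing order; CreateProcess only counts when the child starts suspended.
HOLLOW_SEQ = ["CreateProcess(suspended)", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def _in_order(pattern: List[str], ops: List[str]) -> bool:
    """True if every element of pattern occurs in ops in that order (gaps allowed)."""
    it = iter(ops)
    return all(p in it for p in pattern)


def detect(trace: List[Dict], uninstall_threshold: int = 3) -> Dict[int, List[str]]:
    """Return {pid: [signature names]} using the signature titles from the report."""
    by_pid: Dict[int, List[Dict]] = defaultdict(list)
    for ev in trace:
        by_pid[ev["pid"]].append(ev)
    hits: Dict[int, List[str]] = {}
    for pid, evs in by_pid.items():
        names: List[str] = []
        reg = [ev["target"].lower() for ev in evs if ev["op"].startswith("Reg")]
        if any(k in t for t in reg for k in GEO_KEYS):
            names.append("Checks computer location settings")
        subkeys = {t.split(UNINSTALL_KEY, 1)[1] for t in reg if UNINSTALL_KEY in t}
        if len(subkeys) >= uninstall_threshold:  # one lookup is normal; enumeration is not
            names.append("Checks installed software on the system")
        if any(ev["op"] == "RegSetValue" and RUN_KEY in ev["target"].lower() for ev in evs):
            names.append("Adds Run key to start application")
        ops = ["CreateProcess(suspended)" if ev["op"] == "CreateProcess"
               and "CREATE_SUSPENDED" in ev.get("flags", "") else ev["op"] for ev in evs]
        if _in_order(HOLLOW_SEQ, ops):
            names.append("Suspicious use of SetThreadContext")
        if names:
            hits[pid] = names
    return hits


if __name__ == "__main__":
    for pid, names in detect(TRACE).items():
        print(pid, names)
```

The SetThreadContext rule keys on the ordered sequence rather than the single API call, which is why the lone call from pid 200 does not fire; the Uninstall rule counts distinct subkeys per process so that a single installer lookup is not mistaken for software enumeration.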