Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: f71827e238922a4eaa0d6a6a18c3df0d359021c869a2a3c819a71385916cee82
Size: 1.1MB
Sample: 230515-ce5cbsgf7z
MD5: f864ceeec1a58be165285c6e3f6abbd0
SHA1: 44b29fb2b20df3fb7751a8157d4b8e9633395924
SHA256: f71827e238922a4eaa0d6a6a18c3df0d359021c869a2a3c819a71385916cee82
SHA512: 89d1ec6fc192b4cedfbc07deeb5fb7c3ae349cf84906877800f146b9f6bff2bf5968941d5c4ec82b5198848125dbdc5fdef0289c2bc619e2ff382196271bb27a
SSDEEP: 24576:PyB95YbZBDSKBtxi3J0dzWPcVq5xF7TXydkXHwHVdkRc13lL9:aKbZBDpto50QcMxYkXHla
Static task: static1
Behavioral task: behavioral1
Sample: f71827e238922a4eaa0d6a6a18c3df0d359021c869a2a3c819a71385916cee82.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
lopuh
185.161.248.75:4132
auth_value: 5852b05de9da526581993068a4e7e915
Extracted: redline
horor
185.161.248.75:4132
auth_value: b8d506fe48db15c38fb031d07f42d529
Targets
Target: f71827e238922a4eaa0d6a6a18c3df0d359021c869a2a3c819a71385916cee82
Size: 1.1MB
MD5: f864ceeec1a58be165285c6e3f6abbd0
SHA1: 44b29fb2b20df3fb7751a8157d4b8e9633395924
SHA256: f71827e238922a4eaa0d6a6a18c3df0d359021c869a2a3c819a71385916cee82
SHA512: 89d1ec6fc192b4cedfbc07deeb5fb7c3ae349cf84906877800f146b9f6bff2bf5968941d5c4ec82b5198848125dbdc5fdef0289c2bc619e2ff382196271bb27a
SSDEEP: 24576:PyB95YbZBDSKBtxi3J0dzWPcVq5xF7TXydkXHwHVdkRc13lL9:aKbZBDpto50QcMxYkXHla
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext