Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b
-
Size
1.1MB
-
Sample
230515-jes3mahf6t
-
MD5
56da1ad86ab8c98a269779c41ec57368
-
SHA1
5f3d4535b2e4841d752f63137c76a19f4b4944f4
-
SHA256
68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b
-
SHA512
5b592ae72bf563944d9fe5f85f902b85891f08c9864e8b2008c5c1985284b8e9298fb5ec67214f74178fd8ecb32958834c5cc748df94ff00b84eb412d8ab93c0
-
SSDEEP
24576:Iyr0k8eBc7MchNURdyc6+PQAR+Uapyg2BFVHePCNvKel:PH8/7M4mRn6+4AR+U3XFVHePsv
Static task
static1
Behavioral task
behavioral1
Sample
68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
muza
185.161.248.75:4132
-
auth_value
99f39e1ac98e0c0a729ab27594e72bc3
Extracted
redline
horor
185.161.248.75:4132
-
auth_value
b8d506fe48db15c38fb031d07f42d529
Targets
-
-
Target
68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b
-
Size
1.1MB
-
MD5
56da1ad86ab8c98a269779c41ec57368
-
SHA1
5f3d4535b2e4841d752f63137c76a19f4b4944f4
-
SHA256
68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b
-
SHA512
5b592ae72bf563944d9fe5f85f902b85891f08c9864e8b2008c5c1985284b8e9298fb5ec67214f74178fd8ecb32958834c5cc748df94ff00b84eb412d8ab93c0
-
SSDEEP
24576:Iyr0k8eBc7MchNURdyc6+PQAR+Uapyg2BFVHePCNvKel:PH8/7M4mRn6+4AR+U3XFVHePsv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-