General

Target: 9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981
Size: 1.1MB
Sample: 230515-lhka1aff43
MD5: 85a56a92f9dd024ed1d2cc8b9b25adb1
SHA1: 0681dc99f70abee0b8e612eca612d94724e743d6
SHA256: 9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981
SHA512: f7a20b132fb2301f933e23bcfa3bf6ee1881398a8e8f0b06cdfe9c023632f565353cfb05ffa353c68a30673e8bda96bc0cae4173f127f366d31efcb1f6a356b9
SSDEEP: 24576:yyKgX4yO/OCt9fSQF9jcjjDBdSniRO7QGvgnTpnw/Ccv:ZkVbfSq6V4iRzGvWw/C
Static task: static1
Behavioral task: behavioral1
Sample: 9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: lays
C2: 185.161.248.75:4132
auth_value: 239cb507c4bb32e630b1bee63365fe29

Extracted: redline
Botnet: manka
C2: 185.161.248.75:4132
auth_value: d94715c55e1c02ef0aa67081d47a0c1f
Targets

Target: 9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981
Size: 1.1MB
MD5: 85a56a92f9dd024ed1d2cc8b9b25adb1
SHA1: 0681dc99f70abee0b8e612eca612d94724e743d6
SHA256: 9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981
SHA512: f7a20b132fb2301f933e23bcfa3bf6ee1881398a8e8f0b06cdfe9c023632f565353cfb05ffa353c68a30673e8bda96bc0cae4173f127f366d31efcb1f6a356b9
SSDEEP: 24576:yyKgX4yO/OCt9fSQF9jcjjDBdSniRO7QGvgnTpnw/Ccv:ZkVbfSq6V4iRzGvWw/C
Signatures

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: persistence through a Run registry key.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: this API is commonly used to redirect a thread in another process when injecting code (for example process hollowing), so it is a process-injection indicator rather than proof of it.
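The indicators in this report (the file hashes, the C2 endpoint 185.161.248.75:4132, the two auth_value tokens and the botnet names) are the pieces a responder would turn into a hunt. The script below is an added example, not part of the Triage report or of any tool the report describes: it loads those indicators and matches them against a constructed netflow export, a constructed EDR file-hash feed and a constructed strings dump of process memory. The log formats, the hostnames and the sample lines are assumptions; only the indicator values come from the report.

```python
"""Hunt for the RedLine indicators listed in the report above.

Added example, not Triage's code. The log formats below (key=value netflow,
key=value EDR hash feed, one-string-per-line memory dump) are assumptions and
the log lines are constructed for the demonstration.
"""
import hashlib
import re

# Indicator values copied from the report.
IOC_HASHES = {
    "md5": "85a56a92f9dd024ed1d2cc8b9b25adb1",
    "sha1": "0681dc99f70abee0b8e612eca612d94724e743d6",
    "sha256": "9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981",
}
C2_HOST, C2_PORT = "185.161.248.75", 4132
AUTH_VALUES = {"239cb507c4bb32e630b1bee63365fe29", "d94715c55e1c02ef0aa67081d47a0c1f"}
BOTNET_IDS = {"lays", "manka"}

# Constructed sample inputs (assumed formats).
NETFLOW = """\
2023-05-15T11:02:13Z src=10.0.4.21 dst=185.161.248.75 dport=4132 proto=tcp bytes=5120
2023-05-15T11:02:15Z src=10.0.4.21 dst=142.250.74.78 dport=443 proto=tcp bytes=2210
2023-05-15T11:03:40Z src=10.0.7.9 dst=185.161.248.75 dport=443 proto=tcp bytes=90
"""
EDR_HASHES = """\
host=WS-021 path=C:\\Users\\a\\Downloads\\setup.exe sha256=9c048ce18b0977204dd263c68241101f187d72e12db7603deae7646fbc4b1981
host=WS-044 path=C:\\Windows\\System32\\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
"""
STRINGS_DUMP = """\
mscoree.dll
185.161.248.75:4132
lays
239cb507c4bb32e630b1bee63365fe29
kernel32.dll
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Turn 'a=1 b=2' into {'a': '1', 'b': '2'}; tokens without '=' are ignored."""
    return dict(KV_RE.findall(line))


def find_c2_flows(log):
    """Flows to the report's C2 host. Exact host:port is high confidence; the same
    host on another port is still worth a look but weaker."""
    hits = []
    for line in log.splitlines():
        fields = parse_kv(line)
        if fields.get("dst") != C2_HOST:
            continue
        port = int(fields.get("dport", 0))
        hits.append({
            "ts": line.split(" ", 1)[0],
            "src": fields.get("src"),
            "dport": port,
            "confidence": "high" if port == C2_PORT else "medium",
        })
    return hits


def find_hash_hits(log):
    """Hosts whose EDR hash feed contains any of the report's file hashes."""
    hits = []
    for line in log.splitlines():
        fields = parse_kv(line)
        for algo, value in IOC_HASHES.items():
            if fields.get(algo, "").lower() == value:
                hits.append({"host": fields.get("host"), "path": fields.get("path"), "algo": algo})
    return hits


def find_config_strings(dump):
    """Decoded RedLine config values seen as plain strings in a memory dump.
    Assumes the C2 is present as host:port and that botnet name and auth_value
    appear as separate strings (an assumption about the dump, not a RedLine fact)."""
    found = {"auth_value": set(), "botnet": set(), "c2": set()}
    for s in (x.strip() for x in dump.splitlines()):
        if s in AUTH_VALUES:
            found["auth_value"].add(s)
        if s in BOTNET_IDS:
            found["botnet"].add(s)
        if s == f"{C2_HOST}:{C2_PORT}":
            found["c2"].add(s)
    return found


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte blob, in the same form as IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_report_sample(data):
    """True if a file's bytes hash to the sample in this report (any algorithm)."""
    return any(hashes_of(data)[a] == v for a, v in IOC_HASHES.items())


if __name__ == "__main__":
    print(find_c2_flows(NETFLOW))
    print(find_hash_hits(EDR_HASHES))
    print(find_config_strings(STRINGS_DUMP))
```

The host-only match on another port is reported at medium confidence on purpose: a RedLine operator can change the listening port without changing the panel IP, but an IP alone can also be a shared hosting address, so the analyst should confirm before treating it as a compromise.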