General
- Target: 98c4c6e2ac5833465fff899950dfa89d17a4cb279a2f1504be055629fde97a99
- Size: 1.1MB
- Sample: 230515-yh8d2shb45
- MD5: 0a2cee917dbdb76721246bdc80c69d54
- SHA1: 9eb67025486ae0e1fe69ffc65622ead778c34d06
- SHA256: 98c4c6e2ac5833465fff899950dfa89d17a4cb279a2f1504be055629fde97a99
- SHA512: fcd887739edaacfb443d8c8d85b949210abbf44b71ec04786400fcf3231f0292c634b72d61d92dd9ac982be2c15c280f250163298d928bab4f650c2ed563b76d
- SSDEEP: 24576:vyaTpJnz0J2TLTFUV+zQI6wB9fC6vXFDHGYXhMW59jwxFYRKYh:6uz3TLJUV+nfR1DHtXhMW5lwxFY
Static task: static1
Behavioral task: behavioral1
- Sample: 98c4c6e2ac5833465fff899950dfa89d17a4cb279a2f1504be055629fde97a99.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- laris
- 185.161.248.25:4132
- auth_value: 8774964465c41ab67a0a17432b084e1e
Extracted
- redline
- naher
- 185.161.248.25:4132
- auth_value: 91f06fcf80f600c56b2797e1c73d214d
Targets
- Target: 98c4c6e2ac5833465fff899950dfa89d17a4cb279a2f1504be055629fde97a99
- Size: 1.1MB
- MD5: 0a2cee917dbdb76721246bdc80c69d54
- SHA1: 9eb67025486ae0e1fe69ffc65622ead778c34d06
- SHA256: 98c4c6e2ac5833465fff899950dfa89d17a4cb279a2f1504be055629fde97a99
- SHA512: fcd887739edaacfb443d8c8d85b949210abbf44b71ec04786400fcf3231f0292c634b72d61d92dd9ac982be2c15c280f250163298d928bab4f650c2ed563b76d
- SSDEEP: 24576:vyaTpJnz0J2TLTFUV+zQI6wB9fC6vXFDHGYXhMW59jwxFYRKYh:6uz3TLJUV+nfR1DHtXhMW5lwxFY
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
-