General
- Target: 7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50
- Size: 1.1MB
- Sample: 230515-zwqa3afh41
- MD5: b59d6aca9586a2de491c47f5311840e4
- SHA1: 45cd2d7f9cd447b783e39489d9e852e6b31277dc
- SHA256: 7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50
- SHA512: 1bda116ac7245489dada0378941fbafdfe4adbecc8e7eb04c3d6a02bfc7c3f907c9e3d9876ee72b698ee514784f95a379fe0de86a1c01694a45db62c3fe1f277
- SSDEEP: 24576:Nya/pF9BUrcLarL3/Iq/SWK2qGuSu0biq+ku5t+qaA4lzOU+kWPIPgiA2:oYaQLG3/BI2qDelmtCOUJiIPQ
Static task: static1
Behavioral task: behavioral1
- Sample: 7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- maza
- 185.161.248.25:4132
- auth_value: 474d54c1c2f5291290c53f8378acd684
Extracted
- redline
- sister
- 185.161.248.25:4132
- auth_value: 61021810f83e6d5e6ff303aaac03c0e1
Targets
- Target: 7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50 (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext