General
- Target: 862a0a68c747cbabd3447273b160a392.bin
- Size: 833KB
- Sample: 230516-bw9spsba27
- MD5: 22661143211f732a2cc6e0ee379d0fac
- SHA1: aa2a1632321c95e0cab793b5cbf5cbe78ffed38c
- SHA256: 5cdc6cc88bd27b48911efd9d52ab4121f6dd8ea3e1b176b0fc1bde23f0ce8712
- SHA512: a50a4217dbd0327aa980558e75ee841cd404a444cac92dd9eaf89b67256df31cebc8babe2f47d135962f36d2c313e13ee09e35d67eef0bc4195f4bb115ee9baa
- SSDEEP: 12288:x72G8E2CNP7v9aPpIpTFWrSt2fimZ+p/X4RCAGaazphi1mxWswYuy0gq/hi8fo59:B1z571q2Orh5Exp4mxpet/1o56Y7A+
Static task: static1
Behavioral task: behavioral1
- Sample: ffb2caf2181442fa0c3f45eb342e31f7283eeaa8786f5ccffe0f8bfcfd166e8f.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: ffb2caf2181442fa0c3f45eb342e31f7283eeaa8786f5ccffe0f8bfcfd166e8f.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- dimas
- 185.161.248.75:4132
- auth_value: a5db9b1c53c704e612bccc93ccdb5539
Extracted: redline
- roza
- 185.161.248.75:4132
- auth_value: 3e701c8c522386806a8f1f40a90873a7
Targets
- Target: ffb2caf2181442fa0c3f45eb342e31f7283eeaa8786f5ccffe0f8bfcfd166e8f.exe
- Size: 876KB
- MD5: 862a0a68c747cbabd3447273b160a392
- SHA1: 3a4a94fc803dcbfd0a280fbbcc736f701a1708fe
- SHA256: ffb2caf2181442fa0c3f45eb342e31f7283eeaa8786f5ccffe0f8bfcfd166e8f
- SHA512: 48bdd455298ba0fb13df50a8414290a186955fd707da19d636505c663ef58a945a8b0fe9806c4468a90dcbc1c2bd686e377d0fc0602b6702bfab93cb1e130df5
- SSDEEP: 12288:CMriy9077nTnJ0eAkGfy02XWQUibRQrrqXxyMWOrLMoyGdtN/lEWadBc1zkT1ot:0y8nTnKvibggxxWvoyiEBc6TWt
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext