General
Target: 264ce80f5d043885c169aa54aa19af7dc4393fc4c631719da1eb8c9201b38a27
Size: 1.1MB
Sample: 230516-sbtpesbc75
MD5: 165d962ec9c7afec7121f5a2887a3dd3
SHA1: 4bac84ce39e207254817b5d828715842a326f8de
SHA256: 264ce80f5d043885c169aa54aa19af7dc4393fc4c631719da1eb8c9201b38a27
SHA512: 728f108b337351b2d626ed8991b5d5277d5e8aebfc5ba8d8a1061a4202f71c74908c7e71771698350a24129266fdd15bd0e505c4ae42c20244597273f550dfed
SSDEEP: 24576:/ykdHw50vVm+xByUDmSy7nzKgifFucfP2cSfMzHOZaZ3Wwc:K+9v0WcrX7qMsP2cSwHOl
Static task: static1
Behavioral task: behavioral1
Sample: 264ce80f5d043885c169aa54aa19af7dc4393fc4c631719da1eb8c9201b38a27.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
dopon
185.161.248.75:4132
auth_value: 8b75ad7ee23fb4d414b2c7174486600e
Extracted: redline
srala
185.161.248.75:4132
auth_value: c90de493c232a904fb467fa366785cb6
Targets
Target: 264ce80f5d043885c169aa54aa19af7dc4393fc4c631719da1eb8c9201b38a27
Size: 1.1MB
MD5: 165d962ec9c7afec7121f5a2887a3dd3
SHA1: 4bac84ce39e207254817b5d828715842a326f8de
SHA256: 264ce80f5d043885c169aa54aa19af7dc4393fc4c631719da1eb8c9201b38a27
SHA512: 728f108b337351b2d626ed8991b5d5277d5e8aebfc5ba8d8a1061a4202f71c74908c7e71771698350a24129266fdd15bd0e505c4ae42c20244597273f550dfed
SSDEEP: 24576:/ykdHw50vVm+xByUDmSy7nzKgifFucfP2cSfMzHOZaZ3Wwc:K+9v0WcrX7qMsP2cSwHOl
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext