General
- Target: fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0
- Size: 1.1MB
- Sample: 230516-tx7zlsaf7t
- MD5: 3e67cbebd5bbecf8dda1fbd99eb036bb
- SHA1: 942c3d90b2c3723454d8e95f2c7ab6403326e68e
- SHA256: fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0
- SHA512: 852e034d03005f20ae6dd821f7bcc35cec71f1c95858c050e35b9a7123755710b27877263680abce724cf41a765b11c22749b083d57efac54530e0addc7a9fe5
- SSDEEP: 24576:6yxb2ce2fcJCY1JxDV4DoXvkcCNFy3oIMyaBYB0gez:B3e1JCMx0nMMoxe
Static task: static1
Behavioral task: behavioral1
- Sample: fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: dopon
- C2: 185.161.248.75:4132
- auth_value: 8b75ad7ee23fb4d414b2c7174486600e
Extracted: redline
- Botnet: srala
- C2: 185.161.248.75:4132
- auth_value: c90de493c232a904fb467fa366785cb6
Both extracted configurations point at the same C2 endpoint and differ only in botnet ID and auth_value, so one network indicator covers both.
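To turn the extracted configuration into something a defender can act on, the following added example (my code, not part of the tria.ge report and not code from the sample) parses the two RedLine config entries above into a deduplicated set of C2 endpoints, emits a Suricata rule per endpoint, and hunts for contact with the C2 in a Zeek conn.log excerpt. The conn.log lines and the rule sid values are constructed for illustration; the config values are the ones the report extracted.

```python
"""Extracted RedLine config -> network IOCs -> hunt over Zeek conn.log.

Added example, not part of the tria.ge report or the RedLine code. The
config values are copied from the report; the conn.log excerpt is constructed.
"""
import ipaddress
from dataclasses import dataclass

# Values as extracted by the sandbox (family, botnet ID, C2, auth_value).
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "dopon", "c2": "185.161.248.75:4132",
     "auth_value": "8b75ad7ee23fb4d414b2c7174486600e"},
    {"family": "redline", "botnet": "srala", "c2": "185.161.248.75:4132",
     "auth_value": "c90de493c232a904fb467fa366785cb6"},
]


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Parse 'ip:port', validating both parts; raises ValueError on junk."""
    host, sep, port_text = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value {value!r}")
    ip = str(ipaddress.ip_address(host))  # rejects hostnames and garbage
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {value!r}")
    return C2Endpoint(ip, port)


def c2_endpoints(configs) -> set:
    """Deduplicate: both botnet IDs here share one C2, so one endpoint results."""
    return {parse_c2(c["c2"]) for c in configs}


def suricata_rule(ep: C2Endpoint, sid: int) -> str:
    """Emit a Suricata rule for TCP traffic to the C2 (sid is a hypothetical local number)."""
    return (f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
            f'(msg:"RedLine Stealer C2 {ep.ip}:{ep.port}"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


# Constructed Zeek conn.log excerpt, tab-separated and trimmed to the fields
# used here: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_LOG = """\
1684262401.120\tCabc1\t10.0.0.15\t49812\t185.161.248.75\t4132\ttcp
1684262402.004\tCabc2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1684262455.330\tCabc3\t10.0.0.22\t51000\t185.161.248.75\t4132\ttcp
1684262460.001\tCabc4\t10.0.0.22\t51001\t185.161.248.75\t80\ttcp
"""


def find_c2_connections(log_text: str, endpoints: set) -> list:
    """Return conn.log records whose responder ip:port is a known C2 endpoint."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        if C2Endpoint(resp_h, int(resp_p)) in endpoints:
            hits.append({"ts": float(ts), "uid": uid, "proto": proto,
                         "src": f"{orig_h}:{orig_p}", "dst": f"{resp_h}:{resp_p}"})
    return hits


if __name__ == "__main__":
    eps = c2_endpoints(EXTRACTED_CONFIGS)
    for i, ep in enumerate(sorted(eps, key=lambda e: (e.ip, e.port))):
        print(suricata_rule(ep, 9000001 + i))
    for hit in find_c2_connections(CONN_LOG, eps):
        print("C2 contact:", hit)
```

Matching on ip:port rather than the bare IP is deliberate: the fourth constructed record goes to the same host on port 80 and is not reported, which keeps the hunt tied to what the config actually says while still catching both infected hosts.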
Targets
Target: fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0
- Size: 1.1MB
- MD5: 3e67cbebd5bbecf8dda1fbd99eb036bb
- SHA1: 942c3d90b2c3723454d8e95f2c7ab6403326e68e
- SHA256: fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0
- SHA512: 852e034d03005f20ae6dd821f7bcc35cec71f1c95858c050e35b9a7123755710b27877263680abce724cf41a765b11c22749b083d57efac54530e0addc7a9fe5
- SSDEEP: 24576:6yxb2ce2fcJCY1JxDV4DoXvkcCNFy3oIMyaBYB0gez:B3e1JCMx0nMMoxe
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether the sample runs on this machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: registry Run key persistence, so the sample starts again at logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: SetThreadContext on another process's thread is the hallmark of process hollowing, where a process is created suspended, its image replaced, and the thread's entry point redirected before it is resumed.
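The behavioural signatures above are each a pattern over the API and registry activity the sandbox recorded. As an added example (my code, not tria.ge's signature engine and not code from the sample), the block below matches a constructed API trace against those six signatures. The event format and the registry key assumed for the geofence check (HKCU\Control Panel\International\Geo\Nation) are assumptions; the Uninstall and Run key paths are the standard Windows ones. The SetThreadContext rule is deliberately stricter than the bare API call: it fires only when the caller targets a process it created suspended, which is the hollowing sequence rather than ordinary debugger use.

```python
"""Match constructed sandbox API-trace events against the report's signatures.

Added example; it is not tria.ge's signature engine and not code from the
sample. The event format and the geofence registry key are assumptions.
"""
import re
from collections import defaultdict

# Constructed trace: what a sandbox might record for the behaviour in the report.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\fbb47a7777e73a83117e6313f4c7c1b51f1886c0c93896b97c72ee0156740ef0.exe"
DROP_EXE = r"C:\Users\user\AppData\Roaming\svc\update.exe"   # constructed path
DROP_DLL = r"C:\Users\user\AppData\Roaming\svc\helper.dll"   # constructed path
EVENTS = [
    {"pid": 1000, "op": "RegQueryValueEx", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1000, "op": "RegEnumKeyEx", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1000, "op": "WriteFile", "path": DROP_EXE},
    {"pid": 1000, "op": "WriteFile", "path": DROP_DLL},
    {"pid": 1000, "op": "RegSetValueEx", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", "data": DROP_EXE},
    {"pid": 1000, "op": "CreateProcess", "path": DROP_EXE, "child_pid": 2000, "flags": ["CREATE_SUSPENDED"]},
    {"pid": 1000, "op": "SetThreadContext", "target_pid": 2000},
    {"pid": 1000, "op": "ResumeThread", "target_pid": 2000},
    {"pid": 2000, "op": "LoadLibrary", "path": DROP_DLL},
    {"pid": 2000, "op": "LoadLibrary", "path": r"C:\Windows\System32\ws2_32.dll"},
]

GEO_KEY = re.compile(r"\\International\\Geo\\Nation$", re.I)        # assumed key
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)               # not RunOnce
REG_READS = {"RegQueryValueEx", "RegEnumKeyEx", "RegEnumValue", "RegOpenKeyEx"}


def dropped_files(events) -> set:
    """Lower-cased paths the traced processes wrote to disk (the 'dropped' set)."""
    return {e["path"].lower() for e in events if e["op"] == "WriteFile"}


def match_signatures(events) -> dict:
    """Return {signature name: [evidence events]} for the behaviours observed."""
    hits = defaultdict(list)
    dropped = dropped_files(events)
    suspended = {}  # child_pid -> creating pid, to recognise the hollowing pattern
    for e in events:
        op, path = e["op"], e.get("path", "")
        if op in REG_READS and GEO_KEY.search(path):
            hits["Checks computer location settings"].append(e)
        if op in REG_READS and UNINSTALL_KEY.search(path):
            hits["Checks installed software on the system"].append(e)
        if op == "RegSetValueEx" and RUN_KEY.search(path):
            hits["Adds Run key to start application"].append(e)
        if op == "CreateProcess" and path.lower() in dropped:
            hits["Executes dropped EXE"].append(e)
            if "CREATE_SUSPENDED" in e.get("flags", []):
                suspended[e["child_pid"]] = e["pid"]
        if op == "LoadLibrary" and path.lower() in dropped and path.lower().endswith(".dll"):
            hits["Loads dropped DLL"].append(e)
        # SetThreadContext against a child this process created suspended is the
        # classic hollowing sequence; a stray call with no such child is ignored.
        if op == "SetThreadContext" and suspended.get(e.get("target_pid")) == e["pid"]:
            hits["Suspicious use of SetThreadContext"].append(e)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(EVENTS).items():
        print(f"{name}: {len(evidence)} event(s)")
```

The system DLL load in the trace is not reported under "Loads dropped DLL" because only paths the sample itself wrote count as dropped; that distinction is what separates this signature from ordinary process start-up.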