General
- Target: f807cd77d6fc15219f412601a11d9bee61c05dd0f083334a3c5c23427e3f08f3
- Size: 1.0MB
- Sample: 230518-yvpsgacf7t
- MD5: 7c6f7c7e8f2e85a604614fca949b326a
- SHA1: 380a09955fb81dd55013b05cbbd184b0df1ea589
- SHA256: f807cd77d6fc15219f412601a11d9bee61c05dd0f083334a3c5c23427e3f08f3
- SHA512: 81617bf6037ce9273f9261b44c566556cfcb2346e79e939e03f7eb0239570c4576fd571ae6ce1c0a8c9ba61124e4b4c673cedd74e95ebad9d8be3dfdda3a239c
- SSDEEP: 24576:4yA731oQq/ofPRF9zk5N0w5ftQHxGEu1nC+aRBMJj3EDa:/U3+Qq/aBzk3Z2D0nARKJ
Static task: static1
Behavioral task: behavioral1
- Sample: f807cd77d6fc15219f412601a11d9bee61c05dd0f083334a3c5c23427e3f08f3.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- dako
- 77.91.68.253:41783
- auth_value: c6bc6a7edb74e0eff37800710e07bee1
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext