General
- Target: 074c9964f9485771bce6a7f945297ef2.exe
- Size: 1021KB
- Sample: 230518-z7wbfsch2w
- MD5: 074c9964f9485771bce6a7f945297ef2
- SHA1: bff9faa86c1f22d1b58487762a20e2f6f224ff0d
- SHA256: 2ed81c8a70821f622a4032f6fefc00a25c4cce03df139afe47f3d0d4209dc972
- SHA512: 05366d213ae54c547412a45e014cb943f18770664fe2f9986c73acc6a9807910b4c2acb47419d545bf50f4c2d46915d87eb572e425090c5f84398558347595b6
- SSDEEP: 24576:DyJr1oGVE1N5G5suTW15qY7QQ0VLfzut4c:W51o6E1NPu4X0VLLu
Static task: static1
Behavioral task: behavioral1
- Sample: 074c9964f9485771bce6a7f945297ef2.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 074c9964f9485771bce6a7f945297ef2.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- laxak
- 77.91.68.253:41783
- auth_value: 9f2cf0f93f412b5c2e152400023c0fc3
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext