General
- Target: 0923573627c0d2c80d0f64cece4f295ca11f55874495f72f7d33561e82abe8fd
- Size: 1.0MB
- Sample: 230519-xfh6psab2s
- MD5: bbc40e4f66e2548963a250c3a8495017
- SHA1: f53c94d12f0c1ca26c8c8453ad2335db7199150b
- SHA256: 0923573627c0d2c80d0f64cece4f295ca11f55874495f72f7d33561e82abe8fd
- SHA512: ed0e3d2500fea5eda84de601c03edd7bf20ffca160bbaf9687ca8e77b65762a4f15f9e8e08e8f66852722e7ff9065227d43e56abec44b1e25cf8294dbedcc9bd
- SSDEEP: 24576:Hy2GScJR8nsmrtsy1LdJ58BVcn6CLoO632dZnltetXG:S2jcP2Ky1LdH8sk32dFlmX
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0923573627c0d2c80d0f64cece4f295ca11f55874495f72f7d33561e82abe8fd.exe
- Resource: win10v2004-20230220-en
Malware Config (Extracted)
- redline
- muser
- 77.91.68.253:19065
- auth_value: ab307a8e027ba1296455e3d548f168a3
Targets
- Target: 0923573627c0d2c80d0f64cece4f295ca11f55874495f72f7d33561e82abe8fd
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext