General
Target: 2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332
Size: 1.0MB
Sample: 230520-baklpacb2w
MD5: ed594ad7bde37ef1b205f098b4cd036e
SHA1: aa54b63635bf9ad4255b6b9976e9dc511b99894a
SHA256: 2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332
SHA512: 5263e82dea519cc9a7c29d698b18ee34d3fc3933648ca0f841358879ed434ed1bce1f6055d35569d8021d615a0c1534697c515caab6103112075c3eb827c4a20
SSDEEP: 24576:Xynke2CLm68CEub84UWrcM3qEFkKWI40tYMa:ikDDlCzw4UbMZk+vK
Static task: static1
Behavioral task: behavioral1
Sample: 2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: deren
C2: 77.91.68.253:19065
auth_value: 04a169f1fb198bfbeca74d0e06ea2d54
The auth_value is the authorization token the bot presents to its C2 when it connects. It is only visible in the bot's traffic or memory, so for hunting treat the C2 endpoint and the file hashes as the network and host indicators, and the auth_value as a pivot for matching related samples pointed at the same panel.
Targets
Target: 2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332 (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
  Persistence through a CurrentVersion\Run registry key; the report does not show which hive or value name was written.
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Suspicious use of SetThreadContext
  SetThreadContext on another thread is the usual way a loader redirects execution after writing a payload into a suspended process. Together with "Executes dropped EXE" this is consistent with a packed loader stage in front of the RedLine payload; the report does not name the process that was targeted.
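The indicators in the Malware Config section and the "Adds Run key" behaviour above are the parts of this report that translate directly into host and network detections. The following is an added example, not code from the tria.ge report or from the RedLine family: it applies the report's C2 endpoint and file hashes, plus a Run-key persistence rule, to newline-delimited JSON records shaped like Sysmon Event ID 1 (process create), 3 (network connection) and 13 (registry value set). The event records, the paths and the SID in them are constructed for illustration; only the C2 address, port and hashes come from the report.

```python
"""Hunt for this report's RedLine indicators in Sysmon-style JSON events.

Added example, not part of the tria.ge report. Indicator values are taken
from the report above; every event record below is constructed.
"""
import json

# Indicators taken from the report.
C2_IP, C2_PORT = "77.91.68.253", 19065
HASHES = {
    "MD5": "ed594ad7bde37ef1b205f098b4cd036e",
    "SHA1": "aa54b63635bf9ad4255b6b9976e9dc511b99894a",
    "SHA256": "2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332",
}
# Autostart location behind the "Adds Run key" signature. The report does not
# say which hive or value name was used, so the rule matches on the key path.
RUN_KEY = "\\microsoft\\windows\\currentversion\\run\\"


def parse_hashes(field):
    """Split Sysmon's Hashes field ('MD5=...,SHA256=...') into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev):
    """Return a list of (rule, detail) findings for one event; empty if nothing matched."""
    findings = []
    eid = ev.get("EventID")
    if eid == 1:
        # Process create: compare every hash Sysmon recorded against the report.
        for algo, value in parse_hashes(ev.get("Hashes", "")).items():
            if HASHES.get(algo) == value:
                findings.append(("known_redline_sample", f"{algo}={value} in {ev.get('Image')}"))
                break
    elif eid == 3:
        # Network connection to the extracted C2 endpoint.
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append(("redline_c2_connection", f"{ev.get('Image')} -> {C2_IP}:{C2_PORT}"))
    elif eid == 13:
        # Registry value set under a CurrentVersion\Run key (persistence).
        target = ev.get("TargetObject", "").lower()
        if RUN_KEY in target:
            findings.append(("run_key_persistence", f"{target} = {ev.get('Details')}"))
    return findings


def hunt(lines):
    """Run every rule over newline-delimited JSON events and return findings in order."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule, detail in check_event(ev):
            results.append({"rule": rule, "EventID": ev["EventID"], "detail": detail})
    return results


# Constructed sample telemetry (not real events). Sysmon writes hashes in
# upper-case hex, which parse_hashes normalises before comparison.
SAMPLE_LOG = [
    json.dumps({"EventID": 1,
                "Image": "C:\\Users\\user\\Desktop\\2da7f201c82b54865dbf4e68a8e5ad927b4299bfc252ac7ddac602fa6484d332.exe",
                "Hashes": "MD5=ED594AD7BDE37EF1B205F098B4CD036E,"
                          "SHA256=2DA7F201C82B54865DBF4E68A8E5AD927B4299BFC252AC7DDAC602FA6484D332"}),
    json.dumps({"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe",
                "DestinationIp": "77.91.68.253", "DestinationPort": 19065}),
    json.dumps({"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
                "DestinationIp": "142.250.80.46", "DestinationPort": 443}),
    json.dumps({"EventID": 13,
                "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
                "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(f"[{finding['rule']}] event {finding['EventID']}: {finding['detail']}")
```

The "Checks installed software" and "Suspicious use of SetThreadContext" behaviours are deliberately not turned into rules here: registry reads are not logged by Sysmon, and SetThreadContext is an API call that surfaces only in EDR or sandbox telemetry, not in the three event types this script consumes. The RegAsm.exe image in the constructed C2 event is an illustrative host process, not something the report states.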