General
- Target: f9209ae7644f66c69bb6c1469883ee33f81604b30819fb193946e2476d1103ab
- Size: 1.0MB
- Sample: 230520-pje98acb66
- MD5: 79333ca09cfe600e44ef282d8ee38648
- SHA1: 32be5683cf16156c71ae13756767775b176e11f2
- SHA256: f9209ae7644f66c69bb6c1469883ee33f81604b30819fb193946e2476d1103ab
- SHA512: b4c4e62371237b639bdae31ebc4956199bec5e48648aae706bc738625adad61ce1e1f578c1daa4609715c5e5e205c1a0a9b82d740b722cc79abfc8ecbe301257
- SSDEEP: 24576:iy8VAI3a0u+BkxXmToFH00rIyX8ZW7wt68tzwaPhucq:J8VAI3s+E2qJrZX8Nt68tzbf
Static task: static1
Behavioral task: behavioral1
- Sample: f9209ae7644f66c69bb6c1469883ee33f81604b30819fb193946e2476d1103ab.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- deren
- 77.91.68.253:19065
- auth_value: 04a169f1fb198bfbeca74d0e06ea2d54
Targets
- Target: f9209ae7644f66c69bb6c1469883ee33f81604b30819fb193946e2476d1103ab
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext