Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
manager.exe
-
Size
1.0MB
-
Sample
230520-ve58qsde98
-
MD5
5a62aeadd13e18579d0e76d1696b9b4a
-
SHA1
285a770bb5324f74663adc759fc0e904ad385d20
-
SHA256
728196954f7a0789dbf6a50798179e5c8ef192a403f3746d8ecfff16e56cb09c
-
SHA512
a44e0a103d00c3675bfb8a04a352cb7884100e6eaf49de7707712cd30352fb0abe87724043e883a55cb20ae4175a0fef94fd4451f85f99ade2aa202d0c56f121
-
SSDEEP
24576:fyhGsnX8pLpmo4bdYoHywAHgy7Vz0rUJ8Z3bIMq0jK7Q:qUsMSo+ZAHgy5zqUQ3bg0js
Static task
static1
Behavioral task
behavioral1
Sample
manager.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
manager.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
leren
77.91.68.253:19065
-
auth_value
4002956b5a03c59e4252363b86bc7713
Targets
-
-
Target
manager.exe
-
Size
1.0MB
-
MD5
5a62aeadd13e18579d0e76d1696b9b4a
-
SHA1
285a770bb5324f74663adc759fc0e904ad385d20
-
SHA256
728196954f7a0789dbf6a50798179e5c8ef192a403f3746d8ecfff16e56cb09c
-
SHA512
a44e0a103d00c3675bfb8a04a352cb7884100e6eaf49de7707712cd30352fb0abe87724043e883a55cb20ae4175a0fef94fd4451f85f99ade2aa202d0c56f121
-
SSDEEP
24576:fyhGsnX8pLpmo4bdYoHywAHgy7Vz0rUJ8Z3bIMq0jK7Q:qUsMSo+ZAHgy5zqUQ3bg0js
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-