General
Target: ac1ecb71f66ef003a97a18f83fedc5cd.bin
Size: 986KB
Sample: 230521-b5cvbsac7z
MD5: f31bba5d0755ed372f1bb5b7be5ca4a6
SHA1: e3a6c575b27acd74b6e6222279304412cb5c28f4
SHA256: 71180c7fa9d49b96433f91dc42e2ceac2fda600c1976bd518c86389da93e9d29
SHA512: e0fb8580f48fd5758c79271cf2e11309bdb1eef998482ded03f1d936074207e55b1338d12cf6508640d239a462083344fcc47b48a86c774f62062d781f9eeecf
SSDEEP: 24576:1P9Lt91eo06uuDd42YuwzVTSGXf0i5VVHDJJ+MtIVxS0RI3eh6/:1P9Lde+uux42Y3TP5VV/+MKVE0IeQ/
Static task: static1
Behavioral task: behavioral1
Sample: 0aec6fcbacc14e81abd25738d889245a1c91e48e5a074ae9d6233d175a68669d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 0aec6fcbacc14e81abd25738d889245a1c91e48e5a074ae9d6233d175a68669d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
muser
77.91.68.253:19065
auth_value: ab307a8e027ba1296455e3d548f168a3
Targets
Target: 0aec6fcbacc14e81abd25738d889245a1c91e48e5a074ae9d6233d175a68669d.exe
Size: 1.0MB
MD5: ac1ecb71f66ef003a97a18f83fedc5cd
SHA1: a69c739675ee0352bc58224063124da17cfdd10e
SHA256: 0aec6fcbacc14e81abd25738d889245a1c91e48e5a074ae9d6233d175a68669d
SHA512: d0f3f3e9bf984349f19de0c941591274478ae0d6d903aeb9ceb2ffd2f0483215635001c534272292796ec4f9f5a746995a343c57ba5bf2f616dfbcd8c9f90b10
SSDEEP: 24576:gyeoJL9ZiWM2w6UWFGPH5YRnIocd+pRw:neoJHiWM2wpvPqRIocQ
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext