General
- Target: cf3baf4e6d85dea478792e93c80a50954f1be292709dde6d5b1026a2445adfc7
- Size: 1022KB
- Sample: 230521-l15pnaca7v
- MD5: 2714cd618c691a0648da868599f6bec7
- SHA1: f27dc276eb8657cee59dd47595def36e5703bc05
- SHA256: cf3baf4e6d85dea478792e93c80a50954f1be292709dde6d5b1026a2445adfc7
- SHA512: e0b356cfe317479667d18aa9927bcd04d087db2ad9aeb127c2e6f06e27f80cf65f9b8fbe90f80ed636b43bde2a1441d35d6937ee8b641be5c3d8fb7f317c8ec7
- SSDEEP: 24576:MybHcUomBHhXtq/Z4WXjrOn0EOSmwvzWbFGURoHhk:7bHPHhXtqBX/G0hmWhGUeB
Static task
- static1
Behavioral task
- behavioral1
- Sample: cf3baf4e6d85dea478792e93c80a50954f1be292709dde6d5b1026a2445adfc7.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- diza
- 185.161.248.37:4138
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
- Target: cf3baf4e6d85dea478792e93c80a50954f1be292709dde6d5b1026a2445adfc7
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext