General
  Target: Startup826.exe
  Size: 1.0MB
  Sample: 230521-mznkeshe78
  MD5: fbd0277a8112b275905e7454ad95db4f
  SHA1: 5175cd7e9cd95a4b579a9afb43339d12a492ce58
  SHA256: 3f31a7bc7a6a9c8ff9d67ac54ac146644c635d692f5e39829076ae8608ded9bf
  SHA512: 632d4bbcfe84d27b4d8a72c4b524e3215cf84ce259148a2412077888d8050e3fdc75a9b028414cc89cfe9ab51c60089a713291b61780f0dc97b6581605940d55
  SSDEEP: 24576:TyOS912oUbqrN27VcJIYXgx8NokA5fDT3:m10LbqrN27VTYwqakAxDT

Static task
  static1

Behavioral task
  behavioral1
    Sample: Startup826.exe
    Resource: win7-20230220-en

Behavioral task
  behavioral2
    Sample: Startup826.exe
    Resource: win10v2004-20230220-en

Malware Config
  Extracted
    redline
    diza
    185.161.248.37:4138
    auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets
  Target: Startup826.exe
  Size: 1.0MB
  MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine payload
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of SetThreadContext