Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
formatter957.exe
-
Size
1.0MB
-
Sample
230521-xkt4rsef8t
-
MD5
17cc2a645ede65f983a294ceeeb13198
-
SHA1
edb2cc732904fcb7cd6e96726ad3344b87845083
-
SHA256
4b7480329a21a3fa3ca7e9b4f897f0b5851088cc0578c4bcde9bb9403f0ff044
-
SHA512
4d1370b1edc540b0585a06efbc1f5b5b08fdd944d2a29686dfb66b74dda89fae9681d82083d12782b107fa433171ef22aff5ddbc31c3ac97bb28652a2452b65b
-
SSDEEP
24576:CyzQFbr9fuPESPJT1wxaR9QCHragboxBSv4K96O:pzQh9fuMSPpWER9Qezb+BxKc
Static task
static1
Behavioral task
behavioral1
Sample
formatter957.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
formatter957.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
diza
185.161.248.37:4138
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
formatter957.exe
-
Size
1.0MB
-
MD5
17cc2a645ede65f983a294ceeeb13198
-
SHA1
edb2cc732904fcb7cd6e96726ad3344b87845083
-
SHA256
4b7480329a21a3fa3ca7e9b4f897f0b5851088cc0578c4bcde9bb9403f0ff044
-
SHA512
4d1370b1edc540b0585a06efbc1f5b5b08fdd944d2a29686dfb66b74dda89fae9681d82083d12782b107fa433171ef22aff5ddbc31c3ac97bb28652a2452b65b
-
SSDEEP
24576:CyzQFbr9fuPESPJT1wxaR9QCHragboxBSv4K96O:pzQh9fuMSPpWER9Qezb+BxKc
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-