General
Target: 16e13e01d5462ac7c502cd94946ebded.bin
Size: 987KB
Sample: 230522-bf79yaga8w
MD5: e9f65ddcabd986303f001297c1c2e054
SHA1: d8cc1fd6c033ceb30887094e56caee1bcc5f62fa
SHA256: 440eecebe4cdae53d95b5a9331f2c298099ad3aa0af8b767db853610745b287e
SHA512: a23001c65554aa8884aa46029c96c3be90b3e71cfdb236fecbd3212ac078dd9bcb1ac54e72cc0c41e74e188648d4a427a28ef7e837e9fc7fc4df56584f7e0067
SSDEEP: 24576:OovqPaFZWjldmT0dOkYS5qPl/xJ7tR7OvJHgG:OUea+jldmT0to57tR6tN
Static task: static1
Behavioral task: behavioral1
- Sample: 7df898f186e364daba1451db378cfc745d118360d79dd8570402246bb8935fa3.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 7df898f186e364daba1451db378cfc745d118360d79dd8570402246bb8935fa3.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- maxa
- 77.91.124.251:19065
- auth_value: 3c06ec6b3eea9db7536a57bcc13f5bef
Targets
Target: 7df898f186e364daba1451db378cfc745d118360d79dd8570402246bb8935fa3.exe
Size: 1.0MB
MD5: 16e13e01d5462ac7c502cd94946ebded
SHA1: 6b88537c85f58b6518b6e9cb6f57d9be5e91277f
SHA256: 7df898f186e364daba1451db378cfc745d118360d79dd8570402246bb8935fa3
SHA512: c6e935ffa152e0eaa2345d439a55f4e972ea2e21220de6bbca49a47f1bae2f560c8006b292d30952057423e0276ef423b3e9dbe11a6dd7a21d437609a4cb73bc
SSDEEP: 24576:ryZWercgdOPkqwLc9qUb9cQivncoT/yxR8kjqUY4gjarjflGF/:eZW1PkYqUb9cQiPcaYWkVZgmr7l
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext