Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c
-
Size
917KB
-
Sample
230524-b8p9tsac92
-
MD5
69fe1907a96be93010cb17789ed64e5a
-
SHA1
d22fdcebef916fb3a7f044671b01539ea1ea42eb
-
SHA256
8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c
-
SHA512
c807c3d64c083b5d3c8cf46bac9fd4ac37d8edaecd92d551c3136a55017ab646b93917118cefe36505648a7881f966fd72cc7a86f52ee3e7071b19e9fe3516c7
-
SSDEEP
24576:4yq1bXLaXhPOF7cfzx/K4IdWqU6yX3dg3DM:/q9XGW9wzEXdU624D
Static task
static1
Behavioral task
behavioral1
Sample
8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.122:19062
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c
-
Size
917KB
-
MD5
69fe1907a96be93010cb17789ed64e5a
-
SHA1
d22fdcebef916fb3a7f044671b01539ea1ea42eb
-
SHA256
8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c
-
SHA512
c807c3d64c083b5d3c8cf46bac9fd4ac37d8edaecd92d551c3136a55017ab646b93917118cefe36505648a7881f966fd72cc7a86f52ee3e7071b19e9fe3516c7
-
SSDEEP
24576:4yq1bXLaXhPOF7cfzx/K4IdWqU6yX3dg3DM:/q9XGW9wzEXdU624D
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-