General
Target: b2cbae0c00a038e17e5cdc244592b2503db6a82ce0cd386bc8c385ffbb6d40f5
Size: 917KB
Sample: 230524-dj7hxsbb8y
MD5: 4db3242e3a847d2c6764f79c47195aba
SHA1: 24690a7d7e76e34b55cf52e46e08c40c4877b244
SHA256: b2cbae0c00a038e17e5cdc244592b2503db6a82ce0cd386bc8c385ffbb6d40f5
SHA512: f19c215e3a2f60b4590f2a5955191972de5a3f27ff4a135a07923ead87d78223c96def1435d41f647dacfaee1ce9142abcd4d879068319e65b8615295bc35d7b
SSDEEP: 24576:GyKnwnaYlo+ZvM8ZDhGOOoc9F9W26jq3r:VzaYlo+ZrDI3TAG
Static task: static1
Behavioral task: behavioral1
Sample: b2cbae0c00a038e17e5cdc244592b2503db6a82ce0cd386bc8c385ffbb6d40f5.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted family: redline
Botnet: diza
C2: 83.97.73.122:19062
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext