General
- Target: 7a13248bab0f2b4bd036f389fec121e023a3a3a95422a4dc7cce0cb6d3e5dfa2
- Size: 873KB
- Sample: 230524-v225laeb6t
- MD5: cc6615423fc738dc1fc8513f5a5140c5
- SHA1: 4efa6396b3fc9730e757bfd561424681655847de
- SHA256: 7a13248bab0f2b4bd036f389fec121e023a3a3a95422a4dc7cce0cb6d3e5dfa2
- SHA512: d9b7b6ecb704b33e40e2544ef763dbc685c4f78b5fff5094ae9782468436dae1313506f3230e00e788d539b05de19baa9194b0e4134c73ece0265f289868f8d6
- SSDEEP: 12288:5Mrwy90q3IuHZVP6p3vVrYx7xUw/HUG4CTtGHzAYmBZAmhIXVHtIPd2BhUgMM:tyDTHZo0x3/USTtcyd2BWy
Static task: static1
Behavioral task: behavioral1
- Sample: 7a13248bab0f2b4bd036f389fec121e023a3a3a95422a4dc7cce0cb6d3e5dfa2.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (maxi)
- C2: 83.97.73.122:19062
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline (mesu)
- C2: 83.97.73.122:19062
- auth_value: 8ede6a157d1d9509a21427d10e999ba2
Targets
- Target: 7a13248bab0f2b4bd036f389fec121e023a3a3a95422a4dc7cce0cb6d3e5dfa2
- Size: 873KB
- MD5: cc6615423fc738dc1fc8513f5a5140c5
- SHA1: 4efa6396b3fc9730e757bfd561424681655847de
- SHA256: 7a13248bab0f2b4bd036f389fec121e023a3a3a95422a4dc7cce0cb6d3e5dfa2
- SHA512: d9b7b6ecb704b33e40e2544ef763dbc685c4f78b5fff5094ae9782468436dae1313506f3230e00e788d539b05de19baa9194b0e4134c73ece0265f289868f8d6
- SSDEEP: 12288:5Mrwy90q3IuHZVP6p3vVrYx7xUw/HUG4CTtGHzAYmBZAmhIXVHtIPd2BhUgMM:tyDTHZo0x3/USTtcyd2BWy

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext