General
Target: 61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5
Size: 983KB
Sample: 230525-c7p34sgc5t
MD5: 9cc731cd92badaff73f62dcde7cfe76d
SHA1: aebbfb76f20e49c2562c993d9adb7ae7eb82a82e
SHA256: 61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5
SHA512: 5ec2c4d7bba9928b23b4f8a6c674c977939d7a2880d6133c8bb05cd17dcdd8640bf257f0be82a2bba74e46ff80b25b7683c6b6d96634516be0a7069d9176e456
SSDEEP: 24576:Ny0AolmsblI/NnDfpWt3rSA0reF1TGToh6USLFLkfFHl:oqlNlI5fpWtCaG0h6US9
Static task: static1
Behavioral task: behavioral1
Sample: 61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, diza, 83.97.73.122:19062, auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted: redline, haval, 83.97.73.122:19062, auth_value: d23dec6813deb04eb8abd82657a9b0af
Targets
Target: 61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5 (983KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - Executes dropped EXE
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext