General
- Target: 3aac7d8d5d5fc1cf9b4334638672342fc79b379c214768ae8d10846137002807
- Size: 981KB
- Sample: 230525-fzpn6agb77
- MD5: 70affd33075fc31907557f427292f2c3
- SHA1: 091f3702b1caec8d0841f5b4ca5efd36af45d724
- SHA256: 3aac7d8d5d5fc1cf9b4334638672342fc79b379c214768ae8d10846137002807
- SHA512: cb731bae7ccb31b99e110ef7ce3c6076e55beb7dc26efaad3bc9b0c362dbf3c248ea9baf6e5328f9e68aae9e9eb57139d1af363278cd5382e9e0fe977cd15a7a
- SSDEEP: 24576:LytlnJS+SnwMT+JUf9TGWShlidzpmWho0IWhOBrff:+jn03FCJ4GDhleho0PM
Static task
- static1
Behavioral task
- behavioral1
- Sample: 3aac7d8d5d5fc1cf9b4334638672342fc79b379c214768ae8d10846137002807.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: maxi
- C2: 83.97.73.122:19062
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted
- Family: redline
- Botnet: haval
- C2: 83.97.73.122:19062
- auth_value: d23dec6813deb04eb8abd82657a9b0af
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext