General
Target: 370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e
Size: 764KB
Sample: 230526-kpg9jsfb9w
MD5: 4c1942ca382745ae33b07e8dcebb384f
SHA1: d4ff75aa6081d6a9914e3de2b3214c710383d7fc
SHA256: 370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e
SHA512: 44a62fa25802b4f8ef6a4904cbffcfe6a9b2ada0e72d3aa053e0447c3363ddd8b4343b3da1fae6dfdba7ac3e1dbd03426c550902fa957d7ba51f12510480a8fb
SSDEEP: 12288:7Mr9y90hvJhaNSEElOOZuq6JaJSKzh69q6z8gQR/HjoLNpQNOBEgmp4d88md8LBI:OygD6YuquabMjwR/Hjqa4O8mdou
Static task: static1
Behavioral task: behavioral1
Sample: 370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: disa
C2: 83.97.73.122:19062
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
Target: 370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext