General
Target: 8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082
Size: 764KB
Sample: 230526-nysnesfg4t
MD5: 477166dfce52f2e3f02e9113784433de
SHA1: 772c630f3713fda2b9220429bcf0c592f68cf622
SHA256: 8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082
SHA512: b44bfb0e438a9ae9988f544202c3fe41e11f3a007d6e74064eda224db1e567eed04606b6480e478e5a3c03c2eefe8838671ef00414910e2b3a757ad009efcecc
SSDEEP: 12288:pMrPy90GhfBzpzsgsX8mLijCcoOSNFWcknHqbtJ7arqj+9ylW6EWuEphhII4dmM0:yyLy8mLijCGePkHqbtlxj+Ejh94sMmdf
Static task: static1
Behavioral task: behavioral1
Sample: 8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: disa
C2: 83.97.73.122:19062
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted
Family: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Both extracted configurations point at the same C2 endpoint (83.97.73.122:19062) and differ only in botnet name and auth_value, so the host:port pair is the indicator to block or hunt on; the auth_values identify the two campaigns.
Targets
Target: 8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082
Size: 764KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above.
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check before the stealer runs.
Executes dropped EXE: a file written by the sample is executed as a new process.
Loads dropped DLL: a DLL written by the sample is loaded.
Adds Run key to start application: persistence through a registry Run key.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
Suspicious use of SetThreadContext: a behaviour commonly associated with process hollowing or thread hijacking, where the entry point of a suspended process or thread is redirected to injected code. The report records only the API use, not which process was targeted.
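The indicators and behavioural signatures above can be turned into a small triage check. The script below is an added example, not code from the tria.ge report or from the RedLine family; it runs the report's signature names as rules over constructed, sandbox-style event lines of the form "<pid> <kind> <target>". The event format, the sample events, and the registry paths used for the Run, Uninstall and Geo rules are assumptions chosen for illustration; only the hashes, the C2 endpoint, the botnet names and the auth_values are taken from the report.

```python
# Added example, not part of the tria.ge report: turns the indicators and
# behavioural signatures listed above into checks over constructed,
# sandbox-style event lines. The event format "<pid> <kind> <target>", the
# sample events and the registry paths used for the Run/Uninstall/Geo rules
# are assumptions for illustration; only the hashes, C2 endpoint, botnet
# names and auth_values are taken from the report.
import re

# Indicators copied from the report.
SAMPLE_SHA256 = "8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082"
C2_HOST, C2_PORT = "83.97.73.122", 19062
BOTNETS = {
    "disa": "93f8c4ca7000e3381dd4b6b86434de05",
    "goga": "6d57dff6d3c42dddb8a76dc276b8467f",
}

# Behavioural rules: (signature name as in the report, event kind, pattern on
# the event target). The registry paths are the usual locations such sandbox
# signatures key on and are an assumption, not something the report states.
RULES = [
    ("Adds Run key to start application", "reg_set",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Checks installed software on the system", "reg_query",
     re.compile(r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I)),
    ("Checks computer location settings", "reg_query",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation\b", re.I)),
    ("Executes dropped EXE", "process",
     re.compile(r"\\(?:Temp|AppData)\\.*\.exe$", re.I)),
    ("Loads dropped DLL", "dll_load",
     re.compile(r"\\(?:Temp|AppData)\\.*\.dll$", re.I)),
    ("Suspicious use of SetThreadContext", "api",
     re.compile(r"^SetThreadContext$")),
]

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<kind>\w+)\s+(?P<target>.+)$")


def parse_event(line):
    """Parse one constructed event line into (pid, kind, target), or None."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    return int(m["pid"]), m["kind"], m["target"]


def is_c2_connection(target):
    """True when a net_connect target is exactly the report's C2 host:port."""
    host, sep, port = target.rpartition(":")
    return sep == ":" and host == C2_HOST and port.isdigit() and int(port) == C2_PORT


def match_signatures(lines):
    """Map each triggered signature name to the sorted PIDs that triggered it."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # not an event line; skip it
        pid, kind, target = ev
        if kind == "net_connect":
            if is_c2_connection(target):
                hits.setdefault("RedLine C2 connection", set()).add(pid)
            continue
        for name, rule_kind, pattern in RULES:
            if kind == rule_kind and pattern.search(target):
                hits.setdefault(name, set()).add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


# Constructed events for the run below; they are not taken from the report.
SAMPLE_EVENTS = [
    "1234 reg_query HKCU\\Control Panel\\International\\Geo\\Nation",
    "1234 process C:\\Users\\user\\AppData\\Local\\Temp\\drop.exe",
    "1234 dll_load C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "2345 api SetThreadContext",
    "2345 reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2345 reg_query HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "2345 net_connect 83.97.73.122:19062",
    "3456 net_connect 93.184.216.34:443",
    "not an event line",
]

if __name__ == "__main__":
    for name, pids in sorted(match_signatures(SAMPLE_EVENTS).items()):
        print(f"{name}: pids {pids}")
```

The C2 check compares host and port exactly rather than matching on the IP alone, since the report ties both campaigns to the same host:port pair; the registry rules are case-insensitive because Windows registry paths are, and the Uninstall rule also accepts the WOW6432Node view that 32-bit samples see on 64-bit hosts.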