General
- Target: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231
- Size: 770KB
- Sample: 230526-szg1jagb72
- MD5: 4cb22d8b7cc9c88afdd339fb07054be9
- SHA1: 73c5cb16c9ac58408696b6eaf933c9e635d7003e
- SHA256: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231
- SHA512: 6e897dad70f36637ffb91199e94797b899f1ca9084742ef45845a4dcfad9b280106b7ba1d3593666a6c98f693831d0f42647b80070ac156d9a1ab83c0dd30b72
- SSDEEP: 24576:2y78RbJvu8bTx/UisK0dpLAYF90xpbTjvV:F78Rxu8b9nspAYHORTr
Static task: static1
Behavioral task: behavioral1
- Sample: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- disa
- 83.97.73.122:19062
- auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted: redline
- goga
- 83.97.73.122:19062
- auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext