Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
-
Size
770KB
-
Sample
230526-vt6g2sge67
-
MD5
d331d8bcce3f4d219a050d29a5f82341
-
SHA1
ebf4e851b65630f9b849ad6c2cadc8be5d6ee6f9
-
SHA256
8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
-
SHA512
891855daf53f138478dca0bb91d25cd7be280b49cef97b2c65e73f399757d311e496a4207b6efbae9313c6e944c98e891e44aeff0c2b3b25806caeeba01f963a
-
SSDEEP
24576:ayJxvtEufWr7mWZMCzmCE2erZNFh0qVbpjf:hJlMUCxEjTllp
Static task
static1
Behavioral task
behavioral1
Sample
8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
disa
83.97.73.122:19062
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
-
Size
770KB
-
MD5
d331d8bcce3f4d219a050d29a5f82341
-
SHA1
ebf4e851b65630f9b849ad6c2cadc8be5d6ee6f9
-
SHA256
8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
-
SHA512
891855daf53f138478dca0bb91d25cd7be280b49cef97b2c65e73f399757d311e496a4207b6efbae9313c6e944c98e891e44aeff0c2b3b25806caeeba01f963a
-
SSDEEP
24576:ayJxvtEufWr7mWZMCzmCE2erZNFh0qVbpjf:hJlMUCxEjTllp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-