General
- Target: db3c6ed18cd2935f26d783a0b5c48f375e911762fdd92e86f326db21f2be2936
- Size: 770KB
- Sample: 230527-29egtsdd82
- MD5: 44b775aa2dbabc3f6d273c165550c35d
- SHA1: 61c8eb74706f3d113a847fd1a478b1a024839853
- SHA256: db3c6ed18cd2935f26d783a0b5c48f375e911762fdd92e86f326db21f2be2936
- SHA512: 424db8ffe5dbb8bf1449ab27aeabb67bae49f71d18faa41dd68d4c50723b7d5defc94f58476fbd9ecad1bb8310b633aa5c3965b84a33dde14b0560325afa3472
- SSDEEP: 12288:8Mrwy90ZP3MqDG7dX1MJ+RBNHWReur0vy95akM+LCWbEiUkxaozMzg8TdAtTcWUX:8y2967e+RbkebS54+LGkxaPzCKWcGi
Static task: static1
Behavioral task: behavioral1
- Sample: db3c6ed18cd2935f26d783a0b5c48f375e911762fdd92e86f326db21f2be2936.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- Botnet: dura
- C2: 83.97.73.127:19062
- auth_value: 44b7d6fb9572dea0d64d018139c3d208
Extracted: redline
- Botnet: heroy
- C2: 83.97.73.127:19062
- auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext