General
- Target: be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf
- Size: 761KB
- Sample: 230527-rva6racb26
- MD5: 69c6a65edf00a34e5df551debe6330a6
- SHA1: a3a68cd42435526b900d8f5db820a6f7626ca037
- SHA256: be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf
- SHA512: 7e06dbba973a49bbdcd93701718b2f41004f004114bdd52910da9de4b6c150634f754ac0927ced5010fa86f03583804de8fa241097e8770cacd5f7a0a6633b6c
- SSDEEP: 12288:fMrOy90/ic35JJXf54NT6Q6qNaFe8BCQk/MkZWsgfgwOjmJocVJfTjI:hyA5fXfq/6q0FjvqWGSVxI
Static task: static1
Behavioral task: behavioral1
- Sample: be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf.exe
- Resource: win10-20230220-en
Malware Config
Extracted (redline, botnet "dusa")
- C2: 83.97.73.127:19062
- auth_value: ee896466545fedf9de5406175fb82de5
Extracted (redline, botnet "munder")
- C2: 83.97.73.127:19062
- auth_value: 159bf350f6393f0d879c80a22059fba2
Targets
- Target: be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf (761KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext