General
Target: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4
Size: 770KB
Sample: 230528-bzkyraec4z
MD5: f7e38b540d9bce75f7bfd6d08cf881c3
SHA1: cd448e306b3b83a72b18994ec63b25f8d68851cc
SHA256: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4
SHA512: 215db2a58c139a921a1c6590595be18d254c19d8be395e1fcd16acea642fa16bef4c4cd55b1d3ee27e47a01c67ace6758ce48f5a77ef6d3fe86fa2043287209c
SSDEEP: 12288:pMrpy90ZS6VI6UCh0jKtR4bNvLt0ntqvAEp8MNwhPTGu3I6zoytU1in:Ay2BDR4BLtmtY8phooHUO
Static task: static1
Behavioral task: behavioral1
Sample: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
dura
83.97.73.127:19062
auth_value: 44b7d6fb9572dea0d64d018139c3d208
Extracted: redline
heroy
83.97.73.127:19062
auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
Target: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext