General
Target: 7b5dd75c4d2f5dbba3b3796a08aa1eb6e6bf1e1fb34db4814c8bede5767a4558
Size: 771KB
Sample: 230528-h36g7afa3t
MD5: b4bd3fa7a69d9164515bb77af0ca55b7
SHA1: eacc0677828ecc8a0a04def1b2ca5d87ff67ea30
SHA256: 7b5dd75c4d2f5dbba3b3796a08aa1eb6e6bf1e1fb34db4814c8bede5767a4558
SHA512: 3f46df41a8f8a0624e7183d537cf654edd675cf07d803a14881716b9fd8109ca2be91b381b4e06e6c369d4867b94a70f6add36799a86476e7535e25e0fedcffb
SSDEEP: 24576:UyP2iPOzP7YNxqawigLfvO7OvWUGQ1ax:j5WzENxkJbvfvrG4
Static task: static1
Behavioral task: behavioral1
Sample: 7b5dd75c4d2f5dbba3b3796a08aa1eb6e6bf1e1fb34db4814c8bede5767a4558.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: mura
C2: 83.97.73.127:19062
auth_value: b2ee4a66a20fb9e998d6a68277565331
Extracted: redline
Botnet: heroy
C2: 83.97.73.127:19062
auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
Target: 7b5dd75c4d2f5dbba3b3796a08aa1eb6e6bf1e1fb34db4814c8bede5767a4558 (771KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: a value written under a CurrentVersion\Run key, so the dropped binary is started again at logon (persistence).
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: this API rewrites a thread's register state, including its instruction pointer, and is commonly used by loaders to start a payload inside a suspended process (process hollowing) rather than for any legitimate purpose in a normal application.
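The extracted config and the behaviour signatures above can be turned into checks that run outside the sandbox. The following is an added example (my code, not tria.ge's and not from the RedLine sample) that applies simple rules to a constructed, simplified Sysmon-style event trace. Only the C2 endpoint 83.97.73.127:19062 comes from the page; the event-line format, the process IDs, the file paths and the registry paths are constructed for the example, and the RegistryQuery event type is a stand-in for the sandbox's API trace, since Sysmon itself does not log registry reads.

```python
"""Re-check the behaviours reported above against a constructed event trace.

Added example, not tria.ge or RedLine code.  Event lines are a constructed,
simplified "Kind key=value ..." format that mirrors Sysmon semantics:
  ProcessCreate ~ EID 1, NetworkConnect ~ EID 3, ImageLoad ~ EID 7,
  FileCreate ~ EID 11, RegistrySetValue ~ EID 13.
RegistryQuery has no Sysmon equivalent and stands in for the sandbox's
API trace of RegOpenKey/RegEnumKey on the Uninstall key.
"""
import re
from collections import defaultdict

# From the extracted RedLine config on this page (both botnets share it).
C2_ENDPOINTS = {("83.97.73.127", 19062)}

# Registry paths behind the "Adds Run key" and "Checks installed software" signatures.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)

# Constructed sample trace (not from the sandbox report): a loader drops an
# EXE and a DLL, runs the EXE, which persists, enumerates software and
# contacts the C2.  pid 1500 and 1600 are benign noise.
SAMPLE_EVENTS = r"""
FileCreate pid=1234 image=C:\Users\user\Desktop\sample.exe target=C:\Users\user\AppData\Local\Temp\stage1.exe
FileCreate pid=1234 image=C:\Users\user\Desktop\sample.exe target=C:\Users\user\AppData\Local\Temp\helper.dll
ProcessCreate pid=1300 parent=1234 image=C:\Users\user\AppData\Local\Temp\stage1.exe
ImageLoad pid=1300 image=C:\Users\user\AppData\Local\Temp\stage1.exe target=C:\Users\user\AppData\Local\Temp\helper.dll
RegistrySetValue pid=1300 image=C:\Users\user\AppData\Local\Temp\stage1.exe target=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage1
RegistryQuery pid=1300 image=C:\Users\user\AppData\Local\Temp\stage1.exe target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
NetworkConnect pid=1300 image=C:\Users\user\AppData\Local\Temp\stage1.exe dst=83.97.73.127 dport=19062
NetworkConnect pid=1500 image=C:\Windows\System32\svchost.exe dst=203.0.113.7 dport=443
ProcessCreate pid=1600 parent=800 image=C:\Windows\explorer.exe
"""


def parse_events(text):
    """Parse 'Kind key=value ...' lines into dicts; values contain no spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(" ")
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        fields["kind"] = kind
        events.append(fields)
    return events


def triage(events):
    """Return {rule_name: sorted pids} for every rule that fired.

    The trace is processed in order, so a file counts as "dropped" only
    once some process in the trace has written it.
    """
    hits = defaultdict(set)
    dropped = set()  # lower-cased paths written during the trace
    for e in events:
        kind, pid = e["kind"], e.get("pid")
        if kind == "FileCreate":
            dropped.add(e["target"].lower())
        elif kind == "ProcessCreate" and e["image"].lower() in dropped:
            hits["executes_dropped_exe"].add(pid)
        elif kind == "ImageLoad" and e["target"].lower() in dropped:
            hits["loads_dropped_dll"].add(pid)
        elif kind == "RegistrySetValue" and RUN_KEY_RE.search(e["target"]):
            hits["run_key_persistence"].add(pid)
        elif kind == "RegistryQuery" and UNINSTALL_KEY_RE.search(e["target"]):
            hits["enumerates_installed_software"].add(pid)
        elif kind == "NetworkConnect" and (e["dst"], int(e["dport"])) in C2_ENDPOINTS:
            hits["redline_c2_contact"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for rule, pids in sorted(triage(parse_events(SAMPLE_EVENTS)).items()):
        print(f"{rule:32s} pids={pids}")
```

The C2 rule is the only one that is specific to this sample; the other four describe generic loader and stealer behaviour and will fire on plenty of unrelated malware, so treat them as corroboration rather than attribution. The "Suspicious use of SetThreadContext" signature is not reproduced here because it needs API-level tracing, which this event model (and Sysmon) does not provide.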