General
Target: fa7be7315b16b74cfd49404de2bd6485ba95215bb156e0c8f6bdb2ec958a6f45
Size: 754KB
Sample: 230529-16f1tadg38
MD5: b20182a9d2097e7e8fd817ecd90f6ca7
SHA1: 022d01d8af791a11c5173b2b1872bad716c1cb85
SHA256: fa7be7315b16b74cfd49404de2bd6485ba95215bb156e0c8f6bdb2ec958a6f45
SHA512: 27dfa891456cded983a3b41724180cc37932fa52e4d0c1075b74b454b59ef00447156e570b6bb4cdd64695bbba65bec805bbc5ff07fecafc72a261be93bf53f0
SSDEEP: 12288:xMr4y901W/lP916Fa30E92ctLs4x3zAfU6uHCIqx7ac0kxcVoZ1s04dm91wb5k:hyZZqyHLsI3yZxfxW8VZym9C9k
Static task: static1
Behavioral task: behavioral1
Sample: fa7be7315b16b74cfd49404de2bd6485ba95215bb156e0c8f6bdb2ec958a6f45.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: diza
C2: 83.97.73.127:19045
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted
Family: redline
Botnet: ronin
C2: 83.97.73.127:19045
auth_value: 4cce855f5ba9b9b6e5b1400f102745de
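The two extracted configs share one C2 endpoint and differ only in botnet name and auth_value, which is the detail a responder acts on. The script below is an added example, not tria.ge's or the sandbox's code: it turns the config entries into a Suricata rule per distinct C2 endpoint, matches constructed flow records against those endpoints (exact ip:port, so traffic to the same host on another port is not counted), and keeps an auth_value lookup for clustering other samples. The rule text, the Flow record layout and the sample flows are assumptions; the only values taken from the page are the two config entries.

```python
"""Turn the RedLine configs extracted on this page into network detection
and run it over constructed flow records.  Added example, not tria.ge code."""
from __future__ import annotations

from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "diza", "c2": "83.97.73.127:19045",
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
    {"family": "redline", "botnet": "ronin", "c2": "83.97.73.127:19045",
     "auth_value": "4cce855f5ba9b9b6e5b1400f102745de"},
]


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' on the last colon."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def c2_endpoints(configs) -> dict[tuple[str, int], list[str]]:
    """Map each distinct (ip, port) to the botnet names that use it, so one
    shared endpoint yields one rule rather than one per config entry."""
    endpoints: dict[tuple[str, int], list[str]] = {}
    for cfg in configs:
        endpoints.setdefault(parse_c2(cfg["c2"]), []).append(cfg["botnet"])
    return endpoints


def suricata_rules(configs, base_sid: int = 9000001) -> list[str]:
    """One IDS rule per C2 endpoint.  The rule matches destination only: the
    report does not show the wire protocol, so no content match is assumed.
    Rule text and sid range are this example's choices, not tria.ge output."""
    rules = []
    items = sorted(c2_endpoints(configs).items())
    for sid, ((ip, port), botnets) in enumerate(items, start=base_sid):
        msg = f"RedLine Stealer C2 ({'/'.join(sorted(botnets))})"
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)'
        )
    return rules


@dataclass(frozen=True)
class Flow:
    """Minimal flow record (hypothetical layout; adapt to your NetFlow/Zeek)."""
    src_ip: str
    dst_ip: str
    dst_port: int


def match_flows(flows, configs) -> list[tuple[Flow, list[str]]]:
    """Return (flow, botnets) for flows to a known C2 ip:port.  The port must
    match: traffic to the same host on another port is not evidence by itself."""
    endpoints = c2_endpoints(configs)
    hits = []
    for flow in flows:
        key = (flow.dst_ip, flow.dst_port)
        if key in endpoints:
            hits.append((flow, endpoints[key]))
    return hits


def auth_values(configs) -> dict[str, str]:
    """auth_value -> botnet; the per-build value to pivot on when clustering
    other samples extracted against the same C2."""
    return {cfg["auth_value"]: cfg["botnet"] for cfg in configs}


# Constructed flow records; these are not from the sandbox run.
SAMPLE_FLOWS = [
    Flow("10.0.0.12", "83.97.73.127", 19045),   # C2 check-in
    Flow("10.0.0.12", "83.97.73.127", 443),     # same host, other port: no hit
    Flow("10.0.0.12", "142.250.74.78", 443),    # unrelated destination
]

if __name__ == "__main__":
    for rule in suricata_rules(REDLINE_CONFIGS):
        print(rule)
    for flow, botnets in match_flows(SAMPLE_FLOWS, REDLINE_CONFIGS):
        print(f"{flow.src_ip} -> {flow.dst_ip}:{flow.dst_port} matches {botnets}")
```

Because the page shows only the destination, the generated rule will also fire on any other traffic to that ip:port; pair it with the auth_value lookup when attributing which build a host was running.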
Targets
- Target: fa7be7315b16b74cfd49404de2bd6485ba95215bb156e0c8f6bdb2ec958a6f45 (754KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: a thread-context write, typically seen when a loader hollows or injects into another process; the signature alone does not identify the target process.