General
Target: 11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46
Size: 806KB
Sample: 230529-f62x3aac31
MD5: aca88ae7746d36d2cae651082a4621fe
SHA1: 397a817ddd026455bc92293c60e93714b13073c8
SHA256: 11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46
SHA512: c6866caa926b5221c6719866746b08a96980bf9307d4b24885dc176ae9c11b7343b5d10a14d95949ed0abe15ec7ee4dead80bedea392d582a6b3b680546f80b0
SSDEEP: 24576:5ynxk7OauZFqf1pm6UVLKKm1eqnv6USjX:sASq9pm6U5KK9qnv
Static task: static1
Behavioral task: behavioral1
Sample: 11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46.exe
Resource (analysis VM image): win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from this sample. They share the same C2 endpoint and differ only in botnet tag and auth_value.
Extracted (config 1)
Family: redline
Botnet: diza
C2: 83.97.73.127:19045
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted (config 2)
Family: redline
Botnet: metro
C2: 83.97.73.127:19045
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
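As an added example (not part of the Triage report, and not Triage's own tooling), the following Python script turns the report's file hashes and the extracted C2 into a small hunting check: it hashes file content and compares it with the reported MD5/SHA1/SHA256, and it scans Zeek-style conn.log lines for flows to 83.97.73.127:19045. The conn.log excerpt in the block is constructed for illustration; only the hashes and the C2 host:port come from the report.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# File hashes taken from the report above.
KNOWN_HASHES = {
    "md5": "aca88ae7746d36d2cae651082a4621fe",
    "sha1": "397a817ddd026455bc92293c60e93714b13073c8",
    "sha256": "11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46",
}

# C2 endpoint shared by both extracted RedLine configs (host, port).
C2_ENDPOINTS: Set[Tuple[str, int]] = {("83.97.73.127", 19045)}


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists for a blob of file content."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding reported digest."""
    digests = file_hashes(data)
    return any(digests[name] == value for name, value in KNOWN_HASHES.items())


# Constructed Zeek conn.log excerpt (tab-separated); the 443 and port-80 flows are decoys.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1685340000.1\tCabc1\t10.0.0.5\t51234\t142.250.74.78\t443\ttcp\n"
    "1685340005.7\tCdef2\t10.0.0.5\t51240\t83.97.73.127\t19045\ttcp\n"
    "1685340010.2\tCghi3\t10.0.0.9\t51250\t83.97.73.127\t80\ttcp\n"
)


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse Zeek's tab-separated conn.log using its #fields header for column names."""
    fields = None
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log data before #fields header")
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def find_c2_connections(records: List[Dict[str, str]],
                        c2: Set[Tuple[str, int]] = C2_ENDPOINTS) -> List[Tuple[str, str, str]]:
    """Return (uid, source host, 'c2_host:port') for flows whose destination is a known C2."""
    hits = []
    for r in records:
        key = (r["id.resp_h"], int(r["id.resp_p"]))
        if key in c2:
            hits.append((r["uid"], r["id.orig_h"], f"{key[0]}:{key[1]}"))
    return hits


if __name__ == "__main__":
    for uid, src, dst in find_c2_connections(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"C2 contact: {src} -> {dst} (uid {uid})")
```

The match is on host and port together because RedLine's C2 is configured as host:port; the port-80 flow to the same host is therefore not reported. If the C2 host is not shared infrastructure, matching on the IP alone is the more conservative hunting choice.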
Targets
Target: 11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46 (806KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry (typically the Nation value under Control Panel\International\Geo), likely a geofence check.
Executes dropped EXE: A file written to disk during the run was subsequently executed.
Loads dropped DLL: A DLL written to disk during the run was subsequently loaded.
Adds Run key to start application: Persistence through a value under a CurrentVersion\Run key.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: Rewriting another thread's context is rarely needed by benign software; together with a suspended child process it is the classic process-hollowing pattern for running an injected payload.
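As an added example (not part of the Triage report), the following Python script expresses three of the signatures above, dropped EXE execution, dropped DLL load and Run-key persistence, as checks over Sysmon-style events, so the same behaviour can be hunted on endpoints rather than only observed in the sandbox. The events, paths and file names are constructed for illustration. Registry reads (the Geo country code, the Uninstall enumeration) and SetThreadContext calls are not recorded by Sysmon, so those signatures are left to sandbox or API-level telemetry.

```python
from typing import Dict, List

# Sysmon event IDs this example inspects.
PROCESS_CREATE, IMAGE_LOAD, REGISTRY_SET = 1, 7, 13

# User-writable locations where a loader commonly writes a dropped payload (assumed list).
DROP_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\users\\public\\",
)

# Autostart keys covered by the "Adds Run key" signature.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def is_dropped_path(path: str) -> bool:
    """True if the path sits in a directory a loader would drop into (case-insensitive)."""
    p = path.lower()
    return any(d in p for d in DROP_DIRS)


def classify(event: Dict[str, str]) -> List[str]:
    """Map one Sysmon-style event to the report signature names it would satisfy."""
    hits: List[str] = []
    eid = int(event["EventID"])
    image = event.get("Image", "")
    loaded = event.get("ImageLoaded", "")
    target = event.get("TargetObject", "").lower()
    if eid == PROCESS_CREATE and is_dropped_path(image):
        hits.append("Executes dropped EXE")
    if eid == IMAGE_LOAD and loaded.lower().endswith(".dll") and is_dropped_path(loaded):
        hits.append("Loads dropped DLL")
    if eid == REGISTRY_SET and any(m in target for m in RUN_KEY_MARKERS):
        hits.append("Adds Run key to start application")
    return hits


def run_detections(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group the artifact (image, DLL or registry path) behind each triggered signature."""
    summary: Dict[str, List[str]] = {}
    for e in events:
        artifact = e.get("ImageLoaded") or e.get("TargetObject") or e.get("Image", "")
        for sig in classify(e):
            summary.setdefault(sig, []).append(artifact)
    return summary


# Constructed events modelled on Sysmon fields; names and paths are illustrative, not from the report.
SAMPLE_EVENTS = [
    {"EventID": "1", "Image": r"C:\Windows\explorer.exe"},
    {"EventID": "1", "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\alice\Downloads\sample.exe"},
    {"EventID": "7", "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
    {"EventID": "7", "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": "13", "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
]

if __name__ == "__main__":
    for sig, artifacts in run_detections(SAMPLE_EVENTS).items():
        print(f"{sig}: {artifacts}")
```

The dropped-file checks key on location rather than on a file-creation event, which keeps the example self-contained; in production, correlate Sysmon event 11 (FileCreate) with the later event 1 or 7 on the same path to avoid flagging legitimate installers that run from the user's temp directory.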