General
- Target: 38fd236b9e5e0d284be0bc7e1cc8c77aac470fa982e0a45f497e32b282ccf464
- Size: 752KB
- Sample: 230529-z99xmaea4x
- MD5: 4a0c182882a703422d61d22cdefaf002
- SHA1: d9ac862415d1db4dc24f538a228ad5a6a92b23b9
- SHA256: 38fd236b9e5e0d284be0bc7e1cc8c77aac470fa982e0a45f497e32b282ccf464
- SHA512: 55267aea773a8de91d02f1512df9acb2582bcdeeb7e72ac9c4a58144917cdf3b196d1ef5f42b126b678d4cf935ab82190b25ad8d3627fabcb1e579130034bd5e
- SSDEEP: 12288:lMrzy90+qlduvdr97OJOz4JyuUgCdvvG3czYYRDzrmaw3XcXLJa2o5SuHMzjuF:ayU7uvdJikzqnSvvn8YpE3XcXLv1jCF
Static task: static1
Behavioral task: behavioral1
- Sample: 38fd236b9e5e0d284be0bc7e1cc8c77aac470fa982e0a45f497e32b282ccf464.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- maxi
- 83.97.73.127:19045
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
- metro
- 83.97.73.127:19045
- auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext