General
- Target: ef2a05a43128f02243b62c9fcc18413d639e205660bdb79343d18f4e3a407b6b
- Size: 1.0MB
- Sample: 230530-g8tvxafg37
- MD5: 671b210e48c8588715255cd0bc31b34d
- SHA1: 1386bc6eca4197aca75814925f222c116ea1db09
- SHA256: ef2a05a43128f02243b62c9fcc18413d639e205660bdb79343d18f4e3a407b6b
- SHA512: 99864562c5d173c017be9bc69455a2e88c482a5e332c0342ecd297c4fa763fd2aebb3aa6b680353edcc0b96428b4c73ad4e187feb6f21e1c797fac410696631b
- SSDEEP: 12288:zMrvy90u39IBalThxMbtFUuDMAuEWNVe662D4wyQPxbvGvlQAz6KfB7X9r75uf1T:cyFt5lTXZuee662DY0il/9BD7udc41
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: ef2a05a43128f02243b62c9fcc18413d639e205660bdb79343d18f4e3a407b6b.exe
  - Resource: win10v2004-20230220-en
Malware Config
- Extracted
  - Family: redline
  - Botnet: liza
  - C2: 83.97.73.127:19045
  - auth_value: 198e3e9b188d6cfab0a2b0fb100bb7c5
- Extracted
  - Family: redline
  - Botnet: ronin
  - C2: 83.97.73.127:19045
  - auth_value: 4cce855f5ba9b9b6e5b1400f102745de
Targets
- Target: ef2a05a43128f02243b62c9fcc18413d639e205660bdb79343d18f4e3a407b6b
- Size: 1.0MB
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext