General
- Target: b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a
- Size: 752KB
- Sample: 230530-htz9tagc3s
- MD5: f2f7a6f827f7d707a8b71c6d7bb5e558
- SHA1: 24b738ff2a04b6119f8089020efe0c852894a868
- SHA256: b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a
- SHA512: fd6af17befa6ef7d94573b75fa9bb0ab8e7e3367e20cc985ecea62f7fdf1e6c033ebfc5f9812d92939a7e8153757b6245b0174393441155ca21270846a84baa3
- SSDEEP: 12288:4MrKy90B4vmP1QblpFFBomj0DgCbeDeynDX+8aZawv+0KLjhZRTp7VgV8Xe1vIpr:SyA4vmKpz2PlyDuDaw7KtTp7Vgfv8r
Static task: static1
Behavioral task: behavioral1
- Sample: b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline, diza, 83.97.73.127:19045
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted: redline, ronin, 83.97.73.127:19045
- auth_value: 4cce855f5ba9b9b6e5b1400f102745de
Targets
- Target: b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext