General
- Target: 1975f7e35cb84054fd11fea4c0a9add8283f93af3d21b4b0f86eed15311857d0
- Size: 754KB
- Sample: 230530-kmnnjsgh3z
- MD5: 7287fee6ef14b372010bf38c2c239bcc
- SHA1: 3bc67753ce2eb1b07b0b97d07c4c14bbf5e7ed8e
- SHA256: 1975f7e35cb84054fd11fea4c0a9add8283f93af3d21b4b0f86eed15311857d0
- SHA512: b27914d7b6fe48cc4e7e1aff368837745f19377a0b548c10e7150c12fc860043ff926991c186642ee34121cfd448ed6826e2659069744604d4a8c1810a7ef181
- SSDEEP: 12288:ZMrTy90Vo2nrroitJAsKrlmTHGEl4XAFoCuihuu7vB4QVdcxU9ft:myeDHo4WFGmVGjhVeq
Static task: static1
Behavioral task: behavioral1
- Sample: 1975f7e35cb84054fd11fea4c0a9add8283f93af3d21b4b0f86eed15311857d0.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: diza
- C2: 83.97.73.127:19045
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted
- Family: redline
- Botnet: ronin
- C2: 83.97.73.127:19045
- auth_value: 4cce855f5ba9b9b6e5b1400f102745de
Targets
- Target: 1975f7e35cb84054fd11fea4c0a9add8283f93af3d21b4b0f86eed15311857d0
- Size: 754KB
- MD5: 7287fee6ef14b372010bf38c2c239bcc
- SHA1: 3bc67753ce2eb1b07b0b97d07c4c14bbf5e7ed8e
- SHA256: 1975f7e35cb84054fd11fea4c0a9add8283f93af3d21b4b0f86eed15311857d0
- SHA512: b27914d7b6fe48cc4e7e1aff368837745f19377a0b548c10e7150c12fc860043ff926991c186642ee34121cfd448ed6826e2659069744604d4a8c1810a7ef181
- SSDEEP: 12288:ZMrTy90Vo2nrroitJAsKrlmTHGEl4XAFoCuihuu7vB4QVdcxU9ft:myeDHo4WFGmVGjhVeq
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext