General
- Target: 1eac1569a7f8580e2479caf792b9a4f8fff69fcd2615d44effe7aa08a9620b75
- Size: 1.0MB
- Sample: 230530-m8zztahc34
- MD5: bb3ee59d04c4a92b55c6493edf231253
- SHA1: 1d80baadcbb9c1de0f556455cbab3451d5f580e1
- SHA256: 1eac1569a7f8580e2479caf792b9a4f8fff69fcd2615d44effe7aa08a9620b75
- SHA512: aa6b002cd461a941d0cc3ed98e762d9b12cd3b3782c9866289240c342159895fa0b2b28e3d9024d6d1a2a94604a874bb608bbeb483d63c2f5a5847e6f050784e
- SSDEEP: 24576:SyAAUIFKfeNlqQJkX4Na1nhqbrT/4JTiu3fDXD9dOMLVDl:5AAUIFKfIMMkX4sNhqbn/4YWLd
Static task: static1
Behavioral task: behavioral1
- Sample: 1eac1569a7f8580e2479caf792b9a4f8fff69fcd2615d44effe7aa08a9620b75.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (liza)
- 83.97.73.127:19045
- auth_value: 198e3e9b188d6cfab0a2b0fb100bb7c5
Extracted: redline (ronin)
- 83.97.73.127:19045
- auth_value: 4cce855f5ba9b9b6e5b1400f102745de
Targets
- Target: 1eac1569a7f8580e2479caf792b9a4f8fff69fcd2615d44effe7aa08a9620b75
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext