General
- Target: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8
- Size: 753KB
- Sample: 230530-s7peksag6y
- MD5: 916c018e71f47c062ecf1f6569cd6f09
- SHA1: b8fcb0ea86d2bcb22d40d74443475229533c643e
- SHA256: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8
- SHA512: b298c4871621c1b555b44a483d96fa109708fa2c2d941cf7664fc57a1aa0f0d0dccdd0dc1aaae00e5ed8b8515b5be3067236af70085514010b0ca6a7ebf48927
- SSDEEP: 12288:GMrOy90UExi/pbB6OzjFW7IQ/0ZsyQHM+NfDdTtni8OwqQOuPGqsII10:EySYZBfwIH2s859FJLtG710
Static task: static1
Behavioral task: behavioral1
Sample: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- dusa
- 83.97.73.127:19045
- auth_value: ee896466545fedf9de5406175fb82de5
Extracted
- redline
- ronin
- 83.97.73.127:19045
- auth_value: 4cce855f5ba9b9b6e5b1400f102745de
Targets
- Target: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext