Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dc6005a225949af9e6c8b9c7f7ccca72b8a23bacb5c58fe54db8307138714052
-
Size
729KB
-
Sample
230531-lm3yxaea39
-
MD5
58050a1ebf8c3e4b23f3761673cd91af
-
SHA1
7939756aeb4aba6321df0f41dafa06695b6838d9
-
SHA256
dc6005a225949af9e6c8b9c7f7ccca72b8a23bacb5c58fe54db8307138714052
-
SHA512
bd278b076baa4b264fe6fe5e9bd9ec88886562be0b46b7fb23a3b6d1ee41af37c9453ffe4ce1cada1eebbf25ab6578209e089a77c5573c1d2cc01fd25cd9ef25
-
SSDEEP
12288:nMr4y90L27behJsC4Vd3XSa1GDem0khcOdJ0Q03cSQZ/w1spkngKVO3zvAI:nyzne4C4Vdp4R30Q0TQZ/asuV6zvAI
Static task
static1
Behavioral task
behavioral1
Sample
dc6005a225949af9e6c8b9c7f7ccca72b8a23bacb5c58fe54db8307138714052.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
musa
83.97.73.127:19045
-
auth_value
745cd242a52ab79c9c9026155d62f359
Extracted
redline
tinda
83.97.73.127:19045
-
auth_value
88da3924455f4ba3a1b76cd03af918bb
Targets
-
-
Target
dc6005a225949af9e6c8b9c7f7ccca72b8a23bacb5c58fe54db8307138714052
-
Size
729KB
-
MD5
58050a1ebf8c3e4b23f3761673cd91af
-
SHA1
7939756aeb4aba6321df0f41dafa06695b6838d9
-
SHA256
dc6005a225949af9e6c8b9c7f7ccca72b8a23bacb5c58fe54db8307138714052
-
SHA512
bd278b076baa4b264fe6fe5e9bd9ec88886562be0b46b7fb23a3b6d1ee41af37c9453ffe4ce1cada1eebbf25ab6578209e089a77c5573c1d2cc01fd25cd9ef25
-
SSDEEP
12288:nMr4y90L27behJsC4Vd3XSa1GDem0khcOdJ0Q03cSQZ/w1spkngKVO3zvAI:nyzne4C4Vdp4R30Q0TQZ/asuV6zvAI
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-