General
- Target: 26c034f0851ed4b8a9f124969a116cdde99f7e2df76ece91555ac8e10dc55aa0
- Size: 752KB
- Sample: 230601-dn4mtscc82
- MD5: b0a93c03d13b94bc5512ca1e4610dbaa
- SHA1: 9ca222acab134133193c68324cc276b240c0ef5a
- SHA256: 26c034f0851ed4b8a9f124969a116cdde99f7e2df76ece91555ac8e10dc55aa0
- SHA512: 32aed29676a934245e76222a2f4400455420fba70420eeef7dc800e34ecc3a67a4067e681a35c1df6037e56d4364a7964a8474b06f9a25efce780c9a28ea99d0
- SSDEEP: 12288:HMrxy903GkFSEyt4E+K79c5+/SQDAm2P3gwzRUCRC2PyWwTwlQfq5:SyXc9yt4dK9AjPQwzuCReWwTwWfq5
Static task: static1
Behavioral task: behavioral1
- Sample: 26c034f0851ed4b8a9f124969a116cdde99f7e2df76ece91555ac8e10dc55aa0.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- maxi
- 83.97.73.127:19045
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
- rocker
- 83.97.73.127:19045
- auth_value: b4693c25843b5a1c7d63376e73e32dae
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext