General
- Target: 87e6861660e1989fcc8984c73c6fed208ecde7ddbdec3456d789754f74c43c79
- Size: 750KB
- Sample: 230601-maeafsdf85
- MD5: ed55501d1e8375acc46144acf05c4298
- SHA1: 9754f9ec703a41d87f2feded37773ea23624b261
- SHA256: 87e6861660e1989fcc8984c73c6fed208ecde7ddbdec3456d789754f74c43c79
- SHA512: fb06a22b02c647902e4447408542dc9e0eb48099e4c7e226f581565b0dd0a729d4564fada7fa7f60df6451236a7120b259df05f1a96ff9933305f7c5c903f714
- SSDEEP: 12288:8Mriy90R9FEUojq7nPnk76WvJ4V8c+2+lKhKVvoZkR/5uZAswMTI6jeS:WyQcMGw3+IMVtR8A7MTI6jeS
Static task: static1
Behavioral task: behavioral1
- Sample: 87e6861660e1989fcc8984c73c6fed208ecde7ddbdec3456d789754f74c43c79.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: diza
- C2: 83.97.73.127:19045
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted
- Family: redline
- Botnet: rocker
- C2: 83.97.73.127:19045
- auth_value: b4693c25843b5a1c7d63376e73e32dae
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext