General
Target: 8e4a27db796a1a0bc5dd7b77b0945d586f6f518e1d1f6c90eb0059dfaf572e24
Size: 754KB
Sample: 230601-z4rh4aha5t
MD5: 898ad9f4af3f61a9d68aceb2d800b08a
SHA1: 6bdcb81ede766a83d3a4a6fd87844276a2c3ea29
SHA256: 8e4a27db796a1a0bc5dd7b77b0945d586f6f518e1d1f6c90eb0059dfaf572e24
SHA512: 87cc663ab30d039651be16baf041f98819296309935db4112d08cc22b8bca2d69c85b3b0744b9a7df7b9d1aa34b1546d6f119e241a4d2dbe6aad42ff77ad3d6d
SSDEEP: 12288:oMrky90xh7wz+Jtx4MjmlL2ZlI07NKGELgZYznXAT6NSZFAEWNWjQ77hM:sy7z+JtCaSSNFEDDXpSsEkaQJM
Static task: static1
Behavioral task: behavioral1
Sample: 8e4a27db796a1a0bc5dd7b77b0945d586f6f518e1d1f6c90eb0059dfaf572e24.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from this run. Both point at the same C2 endpoint and differ only in botnet ID and auth_value, so the 754KB sample carries (or drops) two separately keyed RedLine payloads.

Extracted
Family: redline
Botnet: dars
C2: 83.97.73.127:19045
auth_value: 7cd208e6b6c927262304d5d4d88647fd

Extracted
Family: redline
Botnet: grom
C2: 83.97.73.127:19045
auth_value: 2193aac8692a5e1ec66d9db9fa25ee00
Targets
Target: 8e4a27db796a1a0bc5dd7b77b0945d586f6f518e1d1f6c90eb0059dfaf572e24 (754KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (stealers of this kind commonly refuse to run in selected locales).
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
- Suspicious use of SetThreadContext: SetThreadContext on another process's thread is the usual final step of process hollowing, where a suspended legitimate process has its image replaced with the payload before its entry point is redirected; together with the two extracted configurations this is consistent with the sample unpacking its RedLine payloads into other processes rather than running them from disk.
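A hunting script for the indicators in this report, added here as an example and not part of the tria.ge report or of RedLine itself. It matches the C2 endpoint and auth_value strings from the Malware Config section, plus the registry behaviours named by the signatures above (Run key persistence, Uninstall key enumeration, the country-code lookup), against constructed Sysmon-style event records and ranks hosts. The registry key paths and the event field layout are assumptions: the report names the behaviours, not the exact keys or the log format.

```python
"""Hunt for the C2 indicator and host behaviours recorded in this report.

Added example (analyst tooling), not part of the tria.ge report or of
RedLine itself. The indicator values are copied from the report; the
event records below are constructed for illustration, and their field
layout (host/type/op/key/dst_ip/dst_port/sha256) is an assumption
standing in for whatever the real EDR or Sysmon export looks like.
"""
import re

# Values lifted verbatim from the report's Malware Config and General sections.
C2_ENDPOINTS = {("83.97.73.127", 19045)}
AUTH_VALUES = {
    "7cd208e6b6c927262304d5d4d88647fd",  # botnet "dars"
    "2193aac8692a5e1ec66d9db9fa25ee00",  # botnet "grom"
}
SAMPLE_SHA256 = "8e4a27db796a1a0bc5dd7b77b0945d586f6f518e1d1f6c90eb0059dfaf572e24"

# Registry paths behind the report's signatures. The report names the
# behaviours, not the keys; these patterns are assumptions based on where
# Windows keeps autostart entries, the installed-software list and the locale.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

STRONG = {"redline_c2", "known_sample_hash"}


def classify(event):
    """Return the indicator labels one event matches (empty list if none)."""
    hits = []
    kind = event["type"]
    if kind == "network":
        if (event["dst_ip"], event["dst_port"]) in C2_ENDPOINTS:
            hits.append("redline_c2")
    elif kind == "registry":
        key, op = event["key"], event["op"]
        if op == "set" and RUN_KEY_RE.search(key):
            hits.append("run_key_persistence")
        if op == "query" and UNINSTALL_KEY_RE.search(key):
            hits.append("installed_software_enum")
        if op == "query" and GEO_KEY_RE.search(key):
            hits.append("geo_check")
    elif kind == "file":
        if event["sha256"].lower() == SAMPLE_SHA256:
            hits.append("known_sample_hash")
    return hits


def hunt(events):
    """Collect the set of labels seen per host."""
    by_host = {}
    for ev in events:
        for label in classify(ev):
            by_host.setdefault(ev["host"], set()).add(label)
    return by_host


def triage(by_host):
    """'confirmed' on the C2 contact or the known hash; 'suspect' when two or
    more generic behaviours co-occur (each alone is common in benign software:
    installers write Run keys, inventory agents read Uninstall); else 'noise'."""
    verdicts = {}
    for host, labels in by_host.items():
        if labels & STRONG:
            verdicts[host] = "confirmed"
        elif len(labels) >= 2:
            verdicts[host] = "suspect"
        else:
            verdicts[host] = "noise"
    return verdicts


def config_hits(blob):
    """Scan a memory dump or unpacked payload for the extracted config values.
    RedLine is .NET, so strings may sit in memory as UTF-16LE as well as
    ASCII; both encodings are checked."""
    needles = AUTH_VALUES | {f"{ip}:{port}" for ip, port in C2_ENDPOINTS}
    found = set()
    for needle in needles:
        if needle.encode("ascii") in blob or needle.encode("utf-16-le") in blob:
            found.add(needle)
    return found


# Constructed events: ws01 shows the full chain, ws02 is an inventory agent,
# ws03 has two generic behaviours, ws04 reaches the C2 IP on another port.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "registry", "op": "query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"host": "ws01", "type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "ws01", "type": "network", "dst_ip": "83.97.73.127", "dst_port": 19045},
    {"host": "ws02", "type": "registry", "op": "query",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
    {"host": "ws03", "type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"host": "ws03", "type": "registry", "op": "query",
     "key": r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App"},
    {"host": "ws04", "type": "network", "dst_ip": "83.97.73.127", "dst_port": 443},
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(hunt(SAMPLE_EVENTS)).items()):
        print(host, verdict)
```

The C2 match is deliberately on the IP:port pair rather than the IP alone: the report gives one endpoint, and a host reaching the same address on another port (ws04 above) is worth a look but is not the RedLine handshake. The auth_value strings are most useful against memory dumps or unpacked payloads, which is where config_hits applies them.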