Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a882eddca7b8e6dce8a50b87fbd19efa38dc6dfc4c96772fde7be9994b821eec
-
Size
755KB
-
Sample
230602-eg6dhshg23
-
MD5
c26bfff82f4ef6cd819f3ca4f9eca24f
-
SHA1
14ef056349e712ee1794ef929c1dcdefd6107c28
-
SHA256
a882eddca7b8e6dce8a50b87fbd19efa38dc6dfc4c96772fde7be9994b821eec
-
SHA512
d086ecd2cb5a9a8a3a0cb19bc54b5142f570a46602e69923c05b687ea6996d402a1e9c2b4bb5917c582cb116e2d550e84c5ec4a0ff9ab5b2f99a0b7b41c51e70
-
SSDEEP
12288:FMrKy903u6dVnDgo/VLMmq0u8g6bjTW4IZ+CAgnsvny6Rp5VgX0ienw4R7c68Ep1:7yku6dVnDVLI09fWBsvhj5Umw4Zc68Q1
Static task
static1
Behavioral task
behavioral1
Sample
a882eddca7b8e6dce8a50b87fbd19efa38dc6dfc4c96772fde7be9994b821eec.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dars
83.97.73.127:19045
-
auth_value
7cd208e6b6c927262304d5d4d88647fd
Extracted
redline
grom
83.97.73.127:19045
-
auth_value
2193aac8692a5e1ec66d9db9fa25ee00
Targets
-
-
Target
a882eddca7b8e6dce8a50b87fbd19efa38dc6dfc4c96772fde7be9994b821eec
-
Size
755KB
-
MD5
c26bfff82f4ef6cd819f3ca4f9eca24f
-
SHA1
14ef056349e712ee1794ef929c1dcdefd6107c28
-
SHA256
a882eddca7b8e6dce8a50b87fbd19efa38dc6dfc4c96772fde7be9994b821eec
-
SHA512
d086ecd2cb5a9a8a3a0cb19bc54b5142f570a46602e69923c05b687ea6996d402a1e9c2b4bb5917c582cb116e2d550e84c5ec4a0ff9ab5b2f99a0b7b41c51e70
-
SSDEEP
12288:FMrKy903u6dVnDgo/VLMmq0u8g6bjTW4IZ+CAgnsvny6Rp5VgX0ienw4R7c68Ep1:7yku6dVnDVLI09fWBsvhj5Umw4Zc68Q1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-