General
Target: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e
Size: 785KB
Sample: 230602-h8aygaad39
MD5: 2f80598e8d89643783e2568299a42f1e
SHA1: 45503ba5fc9c868624e28af22bc2959147cf2ccd
SHA256: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e
SHA512: 0aae387778307f58f64b648b772474b4aafe94b515981790658088497a723e9bbe377a1b3b3ea6133e112323ee9fa0eb718b1e5ab60be8b50965910dc7113b08
SSDEEP: 24576:RyrXYY8PANP5KzkQEM+obXKq8qHwCVFF/1PAQ:Ec4KzkQ+88qHxVFF/
Static task: static1
Behavioral task: behavioral1
Sample: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline, dars
C2: 83.97.73.127:19045
auth_value: 7cd208e6b6c927262304d5d4d88647fd
Extracted: redline, grom
C2: 83.97.73.127:19045
auth_value: 2193aac8692a5e1ec66d9db9fa25ee00
Targets
Target: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e
Size: 785KB
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext