General
Target: a55cbb1c28104a4d9791901ddf2d2c21ac966000f47cfbd7e78419732be8bd5a
Size: 625KB
Sample: 230604-s55nsacf23
MD5: c50387e1c866ea4e8a6eb06f96148e62
SHA1: bfecc48232e9ef78f38f80c13e5d44089e4696d6
SHA256: a55cbb1c28104a4d9791901ddf2d2c21ac966000f47cfbd7e78419732be8bd5a
SHA512: 6eee78ebb2dfe6bbacac742b84359b2da478bd48f3b8c546dfa465faef1ab0cf0f98dcb123468c98afd81223c7ec6211a0e2fc880c8d0c24372fc958b5214fe3
SSDEEP: 12288:QMrDy90QX1iehyRnW6gz2uMxaPnMTu/dIQmnbepzhh140:DytX1iehyRW3MxqnMsunWJ
Static task: static1
Behavioral task: behavioral1
Sample: a55cbb1c28104a4d9791901ddf2d2c21ac966000f47cfbd7e78419732be8bd5a.exe
Resource: win10v2004-20230221-en
Malware Config
Two RedLine configurations were extracted from the run. Both use the same C2 endpoint but carry different botnet tags and auth_values, so one network indicator covers both while the auth_value tells the two configurations apart.

Extracted: redline
Botnet: musa
C2: 83.97.73.126:19046
auth_value: 745cd242a52ab79c9c9026155d62f359

Extracted: redline
Botnet: brain
C2: 83.97.73.126:19046
auth_value: 5fb8269baadec0c49899b9a7a0c8851f
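The indicators on this page are only useful once they are checked against telemetry. The following is an added example (not part of the Triage report, not Hatching's code): it takes the file hashes from the General section and the C2 endpoint shared by both extracted configs, and runs them over constructed Zeek-style conn.log records and constructed EDR file-creation events. The conn.log column order and the EDR field names are assumptions for the sake of the sample data.

```python
"""Turn the IOCs in this report into log checks.

Added example (not part of the Triage report). The hash values and the C2
endpoint are copied from the report; every log record below is constructed.
"""
import json

# From the report: hashes of the submitted sample.
SAMPLE_HASHES = {
    "md5": "c50387e1c866ea4e8a6eb06f96148e62",
    "sha1": "bfecc48232e9ef78f38f80c13e5d44089e4696d6",
    "sha256": "a55cbb1c28104a4d9791901ddf2d2c21ac966000f47cfbd7e78419732be8bd5a",
}
# From the report: both extracted RedLine configs beacon here.
C2_IP, C2_PORT = "83.97.73.126", 19046

# Constructed Zeek-style conn.log records (assumed column order):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1685900001.1\tCabc1\t10.0.0.12\t51022\t83.97.73.126\t19046\ttcp
1685900002.2\tCabc2\t10.0.0.12\t51023\t142.250.74.78\t443\ttcp
1685900003.3\tCabc3\t10.0.0.15\t51050\t83.97.73.126\t443\ttcp
1685900004.4\tCabc4\t10.0.0.20\t51077\t83.97.73.126\t19046\ttcp
"""

# Constructed EDR file-creation events (JSON lines, assumed field names);
# hash case is deliberately mixed because products disagree on it.
FILE_EVENTS = r"""
{"host": "ws-12", "path": "C:\\Users\\a\\Downloads\\setup.exe", "sha256": "A55CBB1C28104A4D9791901DDF2D2C21AC966000F47CFBD7E78419732BE8BD5A"}
{"host": "ws-15", "path": "C:\\Windows\\notepad.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
{"host": "ws-20", "path": "C:\\Temp\\x.exe", "md5": "c50387e1c866ea4e8a6eb06f96148e62"}
"""


def find_c2_connections(conn_log):
    """Return (confidence, record) pairs for flows to the C2 host.

    A flow to the exact ip:port is a high-confidence hit. The same IP on a
    different port is still reported, at lower confidence, because the operator
    may run other listeners on the host and both are worth an analyst's look.
    """
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        resp_h, resp_p = fields[4], int(fields[5])
        if resp_h != C2_IP:
            continue
        confidence = "high" if resp_p == C2_PORT else "ip-only"
        hits.append((confidence, {"ts": fields[0], "src": fields[2],
                                  "dst": f"{resp_h}:{resp_p}"}))
    return hits


def find_known_sample(file_events):
    """Return file events whose hash (any algorithm present) matches the sample.

    Comparison is case-insensitive; the first matching algorithm is recorded.
    """
    matches = []
    for line in file_events.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        for algo, value in SAMPLE_HASHES.items():
            if event.get(algo, "").lower() == value:
                matches.append({"host": event["host"], "path": event["path"],
                                "matched": algo})
                break
    return matches


if __name__ == "__main__":
    for confidence, hit in find_c2_connections(CONN_LOG):
        print(confidence, hit)
    for match in find_known_sample(FILE_EVENTS):
        print(match)
```

The ip-only tier matters for this sample: a pivot to the same IP on another port could be the same operator's infrastructure, but it is a weaker signal than the exact endpoint extracted from the config, and the two should not be merged into one alert.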
Targets
Target: a55cbb1c28104a4d9791901ddf2d2c21ac966000f47cfbd7e78419732be8bd5a (625KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- RedLine: RedLine Stealer is a credential- and wallet-stealing malware family written in C#, first seen in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry autostart persistence; the report does not name the value written)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext: rewriting another thread's context is the primitive RunPE/process-hollowing loaders use to start an injected payload, which fits a dropper carrying two RedLine payloads.
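The "Adds Run key to start application" signature is the one behaviour above that leaves a durable, easily logged trace on an endpoint. The following is an added example (not part of the Triage report): a check over Sysmon Event ID 13 (RegistryEvent, Value Set) records that flags Run/RunOnce value writes and raises severity when the autostart target or the writing process lives in a user-writable directory, the usual stealer pattern. The report does not name the value the sample wrote, so all events below are constructed; field names follow Sysmon's schema.

```python
"""Detect Run-key persistence in Sysmon registry events.

Added example, not part of the Triage report. Sysmon Event ID 13 records the
writing process (Image), the value written (TargetObject) and the data
(Details); for a Run value the data is the command that will autostart.
All events below are constructed.
"""
import re

# Standard autostart locations under HKU\<sid>\Software\... or HKLM\SOFTWARE\...
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; autostart entries pointing
# here are far more often malware than legitimate installers.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)

SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID

# Constructed Sysmon events.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\a\AppData\Local\Temp\tmp1A2B.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\a\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12,  # key created, not a value set: ignored
     "Image": r"C:\Users\a\AppData\Local\Temp\tmp1A2B.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def in_user_writable_dir(path):
    """True if the path sits under a directory an unprivileged user can write to."""
    return any(d in path.lower() for d in USER_WRITABLE_DIRS)


def strip_command(details):
    """Best-effort extraction of the executable from a Run value's command line.

    Handles quoted paths with arguments and unquoted paths containing spaces.
    """
    details = details.strip()
    if details.startswith('"'):
        return details[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|vbs|js|ps1))(?:\s|$)", details, re.IGNORECASE)
    return m.group(1) if m else details


def classify_run_key_writes(events):
    """Return a finding for every Event ID 13 that sets a Run/RunOnce value.

    Severity is 'high' when the autostart target or the writing process lives in
    a user-writable directory, 'low' otherwise (often an installer, still worth a look).
    """
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        target = strip_command(ev.get("Details", ""))
        suspicious = in_user_writable_dir(target) or in_user_writable_dir(ev["Image"])
        findings.append({
            "value": ev["TargetObject"].rsplit("\\", 1)[1],
            "writer": ev["Image"],
            "autostart": target,
            "severity": "high" if suspicious else "low",
        })
    return findings


if __name__ == "__main__":
    for f in classify_run_key_writes(EVENTS):
        print(f["severity"], f["value"], "->", f["autostart"], "written by", f["writer"])
```

Event ID 13 fires on the value write itself, so the check catches the persistence step regardless of which dropped executable performs it; the low-severity tier keeps installer noise visible without alerting on it.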