Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2e25be38675349b68ee86da38b70010f.bin
-
Size
779KB
-
Sample
230605-mqkr6sga34
-
MD5
2e25be38675349b68ee86da38b70010f
-
SHA1
503dd2f959bc7337d83c929e4dd39de987f3fdb7
-
SHA256
80a5640ed15a2e851c5202648f4be37f06faa27bc0337310a8a39852bad47860
-
SHA512
1fad5627f7127ee6200d28c7bc3544b9a30447fffc93a13c5282f38d7b6ccd58549d37e2ef059af4cbaaef2a34bed325c04617bcaedc592c2e972f4f69e8c6da
-
SSDEEP
12288:SMrDy90G6VzOfL/Pl0CksV4xdP+Pw91SfHAnYMG/M72zJPPjlDVA+SQVSPY:5yU10l0f9+0wYnYMJ2JRq+HSw
Static task
static1
Behavioral task
behavioral1
Sample
2e25be38675349b68ee86da38b70010f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2e25be38675349b68ee86da38b70010f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
musa
83.97.73.126:19046
-
auth_value
745cd242a52ab79c9c9026155d62f359
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
2e25be38675349b68ee86da38b70010f.bin
-
Size
779KB
-
MD5
2e25be38675349b68ee86da38b70010f
-
SHA1
503dd2f959bc7337d83c929e4dd39de987f3fdb7
-
SHA256
80a5640ed15a2e851c5202648f4be37f06faa27bc0337310a8a39852bad47860
-
SHA512
1fad5627f7127ee6200d28c7bc3544b9a30447fffc93a13c5282f38d7b6ccd58549d37e2ef059af4cbaaef2a34bed325c04617bcaedc592c2e972f4f69e8c6da
-
SSDEEP
12288:SMrDy90G6VzOfL/Pl0CksV4xdP+Pw91SfHAnYMG/M72zJPPjlDVA+SQVSPY:5yU10l0f9+0wYnYMJ2JRq+HSw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-