General
- Target: 79065f79febe72b265756fa51a0300d6fee0d92256d4d6e4d91fbe3df475d867
- Size: 592KB
- Sample: 230607-1xdjbsgh9s
- MD5: 7e19bffa0c81a052de2ff798af5a2c8a
- SHA1: af85d118261a32b8a01d0a30d5bd81195c79a6ce
- SHA256: 79065f79febe72b265756fa51a0300d6fee0d92256d4d6e4d91fbe3df475d867
- SHA512: b974cbec52a15e02fb49ad1a364a83b89994af0c5de0797a4439a60e9daa4c3340efe0cf5bf0ad8c2cb648b465f8aa3ba1be589c785b133c53b09b8a6b95a042
- SSDEEP: 12288:5Mrry900o83lGlU+zUUczDUZuGw41R8OFIW0POdg5jKkx+fd:uyNo83AGDeuGw41RqhCkofd
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 79065f79febe72b265756fa51a0300d6fee0d92256d4d6e4d91fbe3df475d867.exe
  - Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
  - Botnet: diza
  - C2: 83.97.73.129:19068
  - auth_value: 0d09b419c8bc967f91c68be4a17e92ee
- Extracted: redline
  - Botnet: sheron
  - C2: 83.97.73.129:19068
  - auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
- Target: 79065f79febe72b265756fa51a0300d6fee0d92256d4d6e4d91fbe3df475d867
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext