General
Target (submitted file): 707c58d1dbfd454ec4fc46c71.bin
Size: 431KB
Sample: 230628-rqmzraag9v
MD5: 5b3d3e8e90b403a5fa2cf645248140cc
SHA1: 47671d9735a22ef14da6c4435dd4d623d43b59f2
SHA256: c72c3cac96cdcdc35cdb13f7e337aec9943a47a68599292aed08646b06e55605
SHA512: 322112ddf70e7ccd4f570d17beee521a3038995f9efc11c2dc887eddb9502830442ccfdffc1388063fd20a8b9716279433d7409378f0cbf5fc0c7072f3b2f5fb
SSDEEP: 12288:OLBioF10lcthkdOqBIoVSq+wmPEKrXwF8:OLwoF1xDqBIoVSDPEKrXp
Static task: static1
Behavioral task: behavioral1
  Sample: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e.exe
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e.exe
  Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
  Botnet: drake
  C2: 83.97.73.131:19071
  auth_value: 74ce6ffe4025a2e4027fb727915e7d7c
Extracted: amadey
  Version: 3.84
  C2: 77.91.68.63/doma/net/index.php
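The two extracted configurations give one raw-TCP C2 (RedLine, host:port) and one HTTP C2 (Amadey, host plus request path). The script below, an added example that is not part of the tria.ge report or of either malware family, turns those values into network indicators and scans connection log lines for contact with them. The C2 values are copied from the report; the log format (timestamp, source IP, destination IP, destination port, URL or "-") and the log lines themselves are constructed for illustration. The RedLine auth_value is a bot authentication token inside the config, not something visible on the wire, so it is not turned into an indicator.

```python
"""Build network indicators from the extracted RedLine / Amadey configs and
match them against constructed connection-log lines.

Added example for this page, not code from tria.ge, RedLine or Amadey. The
C2 strings are the ones extracted in the report; the log format and sample
lines are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Configuration values exactly as extracted in the report above.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "drake", "c2": "83.97.73.131:19071",
     "auth_value": "74ce6ffe4025a2e4027fb727915e7d7c"},
    {"family": "amadey", "version": "3.84",
     "c2": "77.91.68.63/doma/net/index.php"},
]


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: Optional[int]   # None means the config names no port: match any
    path: Optional[str]   # None means raw TCP: no request path to compare


def parse_c2(family: str, c2: str) -> Indicator:
    """Normalise a C2 string into an Indicator.

    RedLine C2s are bare host:port (raw TCP). Amadey C2s are an HTTP URL
    written without a scheme, so one is prefixed to let urlsplit parse it;
    the config gives no port, so any port is accepted for it."""
    if "/" not in c2:
        host, _, port = c2.partition(":")
        return Indicator(family, host, int(port) if port else None, None)
    parts = urlsplit("http://" + c2)
    return Indicator(family, parts.hostname, parts.port, parts.path)


def indicators_from_configs(configs=EXTRACTED_CONFIGS) -> List[Indicator]:
    return [parse_c2(c["family"], c["c2"]) for c in configs]


def match_line(line: str, indicators: List[Indicator]) -> Optional[Indicator]:
    """Return the indicator one constructed log line hits, or None.

    Constructed line format: "<ts> <src_ip> <dst_ip> <dst_port> <url|->".
    A raw-TCP indicator matches on destination IP and port alone; an HTTP
    indicator also requires the request path to match, so unrelated traffic
    to a host that merely shares the IP is not flagged."""
    _ts, _src, dst, dport, url = line.split()
    dport = int(dport)
    if url == "-":
        host, path = dst, None
    else:
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path
    for ind in indicators:
        if ind.host not in (dst, host):
            continue
        if ind.port is not None and ind.port != dport:
            continue
        if ind.path is not None and ind.path != path:
            continue
        return ind
    return None


def scan_log(lines: List[str], indicators: List[Indicator]) -> List[Tuple[str, str]]:
    """Return (source_ip, family) for every line that hits an indicator."""
    hits = []
    for line in lines:
        ind = match_line(line, indicators)
        if ind is not None:
            hits.append((line.split()[1], ind.family))
    return hits


# Constructed sample log: two true C2 contacts, one unrelated request to the
# Amadey host, one connection to the RedLine IP on a different port.
SAMPLE_LOG = """\
2023-06-28T12:00:01Z 10.0.0.15 83.97.73.131 19071 -
2023-06-28T12:00:05Z 10.0.0.15 77.91.68.63 80 http://77.91.68.63/doma/net/index.php
2023-06-28T12:00:09Z 10.0.0.22 77.91.68.63 80 http://77.91.68.63/robots.txt
2023-06-28T12:00:12Z 10.0.0.31 83.97.73.131 443 -
""".splitlines()

if __name__ == "__main__":
    for src, family in scan_log(SAMPLE_LOG, indicators_from_configs()):
        print(f"{src} contacted {family} C2")
```

Requiring the Amadey path to match is a deliberate choice: the report gives a full URL, and a shared or later-reassigned IP produces noise on host-only matching. If you know the IP is dedicated infrastructure, drop the path comparison and match on host alone.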
Targets
Target: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e.exe
Size: 508KB
MD5: 707c58d1dbfd454ec4fc46c717deeae3
SHA1: e403877bc39370411de7d96ef6e92a6876d9faa5
SHA256: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e
SHA512: e42b7afc9d0845b8e8657eeaba93ae5095f2bd05f750ccf6385a79f650c0333f972215ffe00bad461dd29ca018a91caf512bc8543bd59f45e23847db78638217
SSDEEP: 12288:ntOy03z+7mXpO8kFqKoAZlpPH17BoS4jBHQ:sy0g4O8pKowTv17VoBHQ
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: adds an entry under a Run key so the application is started at logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
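Three of the signatures above are registry behaviours: a country-code lookup, a Run-key write and enumeration of Uninstall entries. The script below is an added example, not tria.ge's signature engine and not code from RedLine or Amadey; it classifies a constructed trace of registry events into those behaviours. The report only names the behaviours, so the exact key paths matched here (HKCU\Control Panel\International\Geo for the country code, the CurrentVersion\Run keys for persistence, the CurrentVersion\Uninstall subkeys for installed software) are my assumptions about what the signatures look for, and the event records, process IDs and product names are constructed.

```python
"""Classify constructed sandbox registry events into the report's behaviours.

Added example for this page. Key paths are assumptions about what the
tria.ge signatures match on; the event trace is constructed, in the shape
(pid, operation, key, value_name)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# (behaviour name, operation, key regex, minimum distinct matching keys).
# Registry paths are case-insensitive, so patterns are applied with IGNORECASE.
# Wow6432Node is accepted so 32-bit views of the Uninstall/Run keys also count.
RULES = [
    ("Checks computer location settings", "read",
     r"\\Control Panel\\International(\\Geo)?$", 1),
    ("Adds Run key to start application", "write",
     r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run$", 1),
    # One Uninstall subkey read is normal for installers; enumeration means
    # many distinct subkeys, so a threshold of three is required here.
    ("Checks installed software on the system", "read",
     r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+$", 3),
]

Event = Tuple[int, str, str, str]


def classify(events: List[Event], rules=RULES) -> Dict[int, List[str]]:
    """Return {pid: [behaviour names]} for processes whose events satisfy a rule.

    Distinct matching keys are counted per (pid, rule) so that a program
    reading a single Uninstall entry is not reported as enumerating software."""
    matched = defaultdict(lambda: defaultdict(set))
    for pid, op, key, _value in events:
        for name, rule_op, pattern, _minimum in rules:
            if op == rule_op and re.search(pattern, key, re.IGNORECASE):
                matched[pid][name].add(key)
    result: Dict[int, List[str]] = {}
    for pid, per_rule in matched.items():
        hits = [name for name, _op, _pat, minimum in rules
                if len(per_rule.get(name, ())) >= minimum]
        if hits:
            result[pid] = hits
    return result


def run_key_entries(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (pid, value name) for every Run-key write, for the triage notes."""
    run_pattern = RULES[1][2]
    return [(pid, value) for pid, op, key, value in events
            if op == "write" and re.search(run_pattern, key, re.IGNORECASE)]


# Constructed trace: pid 1234 shows all three behaviours; pid 5678 reads one
# Uninstall entry, which on its own should not be reported.
SAMPLE_EVENTS: List[Event] = [
    (1234, "read",  r"HKCU\Control Panel\International\Geo", "Nation"),
    (1234, "read",  r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "DisplayName"),
    (1234, "read",  r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1", "DisplayName"),
    (1234, "read",  r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player", "DisplayName"),
    (1234, "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    (5678, "read",  r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "DisplayName"),
]

if __name__ == "__main__":
    for pid, names in classify(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(names))
    print("Run entries:", run_key_entries(SAMPLE_EVENTS))
```

The country-code and Uninstall rules fire for plenty of legitimate software on their own; the combination with a Run-key write from the same process, and with the dropped-binary signatures listed above, is what makes the triage call. Tune the Uninstall threshold to the trace volume your sandbox produces.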