Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3
-
Size
942KB
-
Sample
231102-m6vmbaag8z
-
MD5
379d348302348eba377eabc50774ec21
-
SHA1
3d89637c459d860046904719099d81376a8776b0
-
SHA256
8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3
-
SHA512
4cf48652713c1da024da7509c6aba860e3f2999163c4e8d060d96a6e3bd4ecb01f90399d754ad1b4f7ae23455be6e68afd0b7a6be5e2093890b4da84a372ac6d
-
SSDEEP
12288:Q7XART2E/mNwqKbov27C9OV266iq00ARW8jvBvGg5FEzzWuM1E476:EXARtmNw3bov27HVW3IRW8jP5FE3y7
Static task
static1
Behavioral task
behavioral1
Sample
8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3.exe
Resource
win10-20231020-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
plost
77.91.124.86:19084
Targets
-
-
Target
8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3
-
Size
942KB
-
MD5
379d348302348eba377eabc50774ec21
-
SHA1
3d89637c459d860046904719099d81376a8776b0
-
SHA256
8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3
-
SHA512
4cf48652713c1da024da7509c6aba860e3f2999163c4e8d060d96a6e3bd4ecb01f90399d754ad1b4f7ae23455be6e68afd0b7a6be5e2093890b4da84a372ac6d
-
SSDEEP
12288:Q7XART2E/mNwqKbov27C9OV266iq00ARW8jvBvGg5FEzzWuM1E476:EXARtmNw3bov27HVW3IRW8jP5FE3y7
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-