Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
-
Size
530KB
-
Sample
230304-eg2ekaca2w
-
MD5
e1ae5a4c2c9a52b78c720b2feb361aa0
-
SHA1
039de53a0a96d488fbd079674cf59a2da863cd21
-
SHA256
3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
-
SHA512
0ea44b968dcdccfebe033b585b05c6b0fccd9b2ad1ec55e90f3c1d2931e242ecf462f26dc956fa709ff1c5a1871441d983a2c0a4154671291b4dfaeef431fff5
-
SSDEEP
12288:CMrmy90/jd8g/GwjK1HWQZWAQ3Z5MThBtSu:8y4ug/BwWNszJ
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Extracted
redline
foksa
hueref.eu:4162
-
auth_value
6a9b2601a21672b285de3ed41b5402e4
Targets
-
-
Target
3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
-
Size
530KB
-
MD5
e1ae5a4c2c9a52b78c720b2feb361aa0
-
SHA1
039de53a0a96d488fbd079674cf59a2da863cd21
-
SHA256
3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
-
SHA512
0ea44b968dcdccfebe033b585b05c6b0fccd9b2ad1ec55e90f3c1d2931e242ecf462f26dc956fa709ff1c5a1871441d983a2c0a4154671291b4dfaeef431fff5
-
SSDEEP
12288:CMrmy90/jd8g/GwjK1HWQZWAQ3Z5MThBtSu:8y4ug/BwWNszJ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-