Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d34d41d677e6a61ef2ed228ec27e36fc2850bbc5b6c5836846bcfa8fc418ac42
-
Size
525KB
-
Sample
230306-amvfzshd5z
-
MD5
6d585591bfb4c2efbf0fcdb307d45aa2
-
SHA1
6cc0159a727327cd65b63e8d5946911bd9e537f6
-
SHA256
d34d41d677e6a61ef2ed228ec27e36fc2850bbc5b6c5836846bcfa8fc418ac42
-
SHA512
f49dab4ec90e3b0c7f52c18ab5bff99754f00f78c544adf00d316cda2dc0e27dd5823bd7277c576eee8744d41afbed3ccab04049106885789384fc018305505e
-
SSDEEP
6144:Kny+bnr+Sp0yN90QEDMxDh8zn/N5FL6toGisx86IjVIc3kziRNXdCw0RhSQX8Psd:hMriy90eI/Pt6ixo860OcpRCBje8NeS
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Extracted
redline
fabio
193.233.20.27:4123
-
auth_value
56b82736c3f56b13be8e64c87d2cf9e5
Targets
-
-
Target
d34d41d677e6a61ef2ed228ec27e36fc2850bbc5b6c5836846bcfa8fc418ac42
-
Size
525KB
-
MD5
6d585591bfb4c2efbf0fcdb307d45aa2
-
SHA1
6cc0159a727327cd65b63e8d5946911bd9e537f6
-
SHA256
d34d41d677e6a61ef2ed228ec27e36fc2850bbc5b6c5836846bcfa8fc418ac42
-
SHA512
f49dab4ec90e3b0c7f52c18ab5bff99754f00f78c544adf00d316cda2dc0e27dd5823bd7277c576eee8744d41afbed3ccab04049106885789384fc018305505e
-
SSDEEP
6144:Kny+bnr+Sp0yN90QEDMxDh8zn/N5FL6toGisx86IjVIc3kziRNXdCw0RhSQX8Psd:hMriy90eI/Pt6ixo860OcpRCBje8NeS
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-