Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c
-
Size
687KB
-
Sample
230326-qxyjdsaf4v
-
MD5
f18af65f78443f399beb4104bb75832f
-
SHA1
95e68a5c39badd4d51d55dda6b8ddfd3e16e2bb2
-
SHA256
a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c
-
SHA512
3437213bbf48234a42260ca690c2596b0ce6fd17e9186e201ab8030aef6d7d5f2a85e20890b257dafd29599432a4d5b941f7d13ec5462f9bb7f75b6dd20f59df
-
SSDEEP
12288:iMrdy90w1mu1TWAUTMa/KYeh1Dkt6diz4yMKm96XuSSU4Ezlo8:TyH/WAUTPehJkt6cv4u/SRIlo8
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
dogma
193.233.20.32:4125
-
auth_value
1b692976ca991040f2e8890409c35142
Targets
-
-
Target
a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c
-
Size
687KB
-
MD5
f18af65f78443f399beb4104bb75832f
-
SHA1
95e68a5c39badd4d51d55dda6b8ddfd3e16e2bb2
-
SHA256
a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c
-
SHA512
3437213bbf48234a42260ca690c2596b0ce6fd17e9186e201ab8030aef6d7d5f2a85e20890b257dafd29599432a4d5b941f7d13ec5462f9bb7f75b6dd20f59df
-
SSDEEP
12288:iMrdy90w1mu1TWAUTMa/KYeh1Dkt6diz4yMKm96XuSSU4Ezlo8:TyH/WAUTPehJkt6cv4u/SRIlo8
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-