General
- Target: 3ee8b3c6a4e851f6ec86334640de5341ba5cc7a91c015cec5738f19bd8cf8c8b
- Size: 479KB
- Sample: 230508-zeq62aed71
- MD5: a1d7227ae82f91ce5782e7eacb10eb3e
- SHA1: 47020541bfc03ce390e44d507df928547a840d61
- SHA256: 3ee8b3c6a4e851f6ec86334640de5341ba5cc7a91c015cec5738f19bd8cf8c8b
- SHA512: 0bbc2738b2398eeda62262c6de74adb84e5867c1735a6b63118d29046058aa6adc4ada0389d59e9f9d5760a3039d3af0edb3d136a2e64a0a89b5f558977d5d2e
- SSDEEP: 12288:PMr8y90zhb7b5YU44AEhQT3Idrlr+N9nD8KyUWxAK1N:vyMhb6U44AEhAY7r+DUKkN
Static task: static1
Behavioral task: behavioral1
- Sample: 3ee8b3c6a4e851f6ec86334640de5341ba5cc7a91c015cec5738f19bd8cf8c8b.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- redline
- dumud
- 217.196.96.101:4132
- auth_value: 3e18d4b90418aa3e78d8822e87c62f5c
Targets
- Target: 3ee8b3c6a4e851f6ec86334640de5341ba5cc7a91c015cec5738f19bd8cf8c8b
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.