Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
-
Size
479KB
-
Sample
230508-znhw1scf82
-
MD5
4273929f460efa3c6bad7d61b291e7a3
-
SHA1
839b2c23b5210841e391c7236c4a82f121736029
-
SHA256
5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
-
SHA512
010da4467f3b479732a015c3d1d8818bf976bf3a3a7e1db10375bace905b67da4ba98c8b805b95e66db61f7599dc60daa19fb80fb51e947ff4acad366558be26
-
SSDEEP
6144:Kpy+bnr+qp0yN90QEtTvSovepEUIcnebXkzmBS2QqY+aget9R252UoXAqrnAlygo:bMrqy907vDc609GY+agEZOB4eBc
Malware Config
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Targets
-
-
Target
5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
-
Size
479KB
-
MD5
4273929f460efa3c6bad7d61b291e7a3
-
SHA1
839b2c23b5210841e391c7236c4a82f121736029
-
SHA256
5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
-
SHA512
010da4467f3b479732a015c3d1d8818bf976bf3a3a7e1db10375bace905b67da4ba98c8b805b95e66db61f7599dc60daa19fb80fb51e947ff4acad366558be26
-
SSDEEP
6144:Kpy+bnr+qp0yN90QEtTvSovepEUIcnebXkzmBS2QqY+aget9R252UoXAqrnAlygo:bMrqy907vDc609GY+agEZOB4eBc
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-