Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47
-
Size
982KB
-
Sample
230525-byltnaff73
-
MD5
e0d1dce047e5d786a0c3b1792e0c132c
-
SHA1
871efdab8717cb6ff59bdd82804731b96d113965
-
SHA256
84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47
-
SHA512
5a216282331f45e314ec3bc16152e8a78c3251428d47f406c28157af4f0c2bdd1385b63299b39950d9d59f40e592ec9045538a916d4930982e9a1796ed38c297
-
SSDEEP
24576:ry9MbiznEd/93kFrDlxVbjTAkBhydMAtuLFDkfJ2/5:e9g0+/JkFrDHVrAahqdEt9
Malware Config
Extracted
redline
maxi
83.97.73.122:19062
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
haval
83.97.73.122:19062
-
auth_value
d23dec6813deb04eb8abd82657a9b0af
Targets
-
-
Target
84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47
-
Size
982KB
-
MD5
e0d1dce047e5d786a0c3b1792e0c132c
-
SHA1
871efdab8717cb6ff59bdd82804731b96d113965
-
SHA256
84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47
-
SHA512
5a216282331f45e314ec3bc16152e8a78c3251428d47f406c28157af4f0c2bdd1385b63299b39950d9d59f40e592ec9045538a916d4930982e9a1796ed38c297
-
SSDEEP
24576:ry9MbiznEd/93kFrDlxVbjTAkBhydMAtuLFDkfJ2/5:e9g0+/JkFrDHVrAahqdEt9
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-