Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05200499.exe
-
Size
580KB
-
Sample
230604-xlcacadg9s
-
MD5
4ec4e3c61d59d98c654bb9a2e5853000
-
SHA1
29cebf9a339cfad22262e80c387ffcb874a5eb4e
-
SHA256
f4b092f5f134e9cfce7e29d2f9774092e408d8b20a619a63010872c24e1f8484
-
SHA512
07afd2ed9bbfdf803e2aade5629fb71accefcd4ba419dbda9abdb51e0d0bdfbdf4449fb429bf501834729dcd70b120c3bb8f40b038ccf86c20ecd56ae5b2bfe9
-
SSDEEP
12288:EMrpy90rQvZPEO1ia64hTVT0hTUtn85x/OXPcVNQCUkFMHGdHQ:NyHvBvTV9h8XmXkVW3Iw
Malware Config
Extracted
redline
diza
83.97.73.126:19046
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
05200499.exe
-
Size
580KB
-
MD5
4ec4e3c61d59d98c654bb9a2e5853000
-
SHA1
29cebf9a339cfad22262e80c387ffcb874a5eb4e
-
SHA256
f4b092f5f134e9cfce7e29d2f9774092e408d8b20a619a63010872c24e1f8484
-
SHA512
07afd2ed9bbfdf803e2aade5629fb71accefcd4ba419dbda9abdb51e0d0bdfbdf4449fb429bf501834729dcd70b120c3bb8f40b038ccf86c20ecd56ae5b2bfe9
-
SSDEEP
12288:EMrpy90rQvZPEO1ia64hTVT0hTUtn85x/OXPcVNQCUkFMHGdHQ:NyHvBvTV9h8XmXkVW3Iw
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-