Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
737a2ad71df51cec4e94610c2891bf664ce6b81a79d08bb8e91da05fbf164e62
-
Size
740KB
-
Sample
230606-mmg7wadb99
-
MD5
490cc340e3f63ca132962f67ec44bdbe
-
SHA1
3e49a6337dc0f30110624f25d58f7d77f698cfd5
-
SHA256
737a2ad71df51cec4e94610c2891bf664ce6b81a79d08bb8e91da05fbf164e62
-
SHA512
77fa05af47bbdba47ec540cfbc4e6bdb9601167cbb610169d5f97e82f4dd636fde8bae08bf79077a52d61f6f76edebe0277a3a27192257a9597aef57a916a27e
-
SSDEEP
12288:RMrAy908Ad/YispZBn1FnjETlH2iRxCpdBzHbVxvdbFsGut+r3wTzW:hy41YiSfnj4HCpPz7FFsGw+ca
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
737a2ad71df51cec4e94610c2891bf664ce6b81a79d08bb8e91da05fbf164e62
-
Size
740KB
-
MD5
490cc340e3f63ca132962f67ec44bdbe
-
SHA1
3e49a6337dc0f30110624f25d58f7d77f698cfd5
-
SHA256
737a2ad71df51cec4e94610c2891bf664ce6b81a79d08bb8e91da05fbf164e62
-
SHA512
77fa05af47bbdba47ec540cfbc4e6bdb9601167cbb610169d5f97e82f4dd636fde8bae08bf79077a52d61f6f76edebe0277a3a27192257a9597aef57a916a27e
-
SSDEEP
12288:RMrAy908Ad/YispZBn1FnjETlH2iRxCpdBzHbVxvdbFsGut+r3wTzW:hy41YiSfnj4HCpPz7FFsGw+ca
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-