Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74
-
Size
585KB
-
Sample
230606-ssvytaec64
-
MD5
0415bb6aee1df9f71ecffe14f537c363
-
SHA1
2d762d61dc1930e12a5e36628fda3a5c960a0e2c
-
SHA256
5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74
-
SHA512
ddffa01b2414e0b694b45a357fc499685e306ca8e77a2c6c8e4693e17f5ffa406598cd263020cc60cce2b1be805af6547c38bf5a91eaf88066e11d1686a332c0
-
SSDEEP
12288:KMrWy90ILho/DJV9pYr0Jyp4/uCZz7PZpj1lAiz+g:wyLLh2mcuC/lA4
Malware Config
Extracted
redline
diza
83.97.73.126:19048
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74
-
Size
585KB
-
MD5
0415bb6aee1df9f71ecffe14f537c363
-
SHA1
2d762d61dc1930e12a5e36628fda3a5c960a0e2c
-
SHA256
5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74
-
SHA512
ddffa01b2414e0b694b45a357fc499685e306ca8e77a2c6c8e4693e17f5ffa406598cd263020cc60cce2b1be805af6547c38bf5a91eaf88066e11d1686a332c0
-
SSDEEP
12288:KMrWy90ILho/DJV9pYr0Jyp4/uCZz7PZpj1lAiz+g:wyLLh2mcuC/lA4
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-