Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1708-2-0x0000000002390000-0x00000000023E2000-memory.dmp
-
Size
328KB
-
Sample
240807-qqta4ayhnj
-
MD5
dad5c13122ce1fda26bcda0338033442
-
SHA1
968ca9a9a9fa0979f8d8402fe7df8191f5eb8ec4
-
SHA256
e286e5c8a8753f47f375464387ac948e7cc4377553e765fcc6eecdcac0f2f02c
-
SHA512
8239371a9064c5d7f53147ee05863b8344e6d2316a20d36c9db9097a6bc836874cedf14dc0feeb9e9559c3a43dbd36d22a986e8f6a02126e9a36518f66dbde62
-
SSDEEP
3072:Jq6EgY6ixrUjhYMLwPc0Gi3ZSXxTAvtASKutcZqf7D349eqiOLibBOb:YqY6ikwPCiShTAFAQtcZqf7DIHL
Malware Config
Extracted
redline
@mass1vexdd
185.196.9.26:6302
Targets
-
-
Target
1708-2-0x0000000002390000-0x00000000023E2000-memory.dmp
-
Size
328KB
-
MD5
dad5c13122ce1fda26bcda0338033442
-
SHA1
968ca9a9a9fa0979f8d8402fe7df8191f5eb8ec4
-
SHA256
e286e5c8a8753f47f375464387ac948e7cc4377553e765fcc6eecdcac0f2f02c
-
SHA512
8239371a9064c5d7f53147ee05863b8344e6d2316a20d36c9db9097a6bc836874cedf14dc0feeb9e9559c3a43dbd36d22a986e8f6a02126e9a36518f66dbde62
-
SSDEEP
3072:Jq6EgY6ixrUjhYMLwPc0Gi3ZSXxTAvtASKutcZqf7D349eqiOLibBOb:YqY6ikwPCiShTAFAQtcZqf7DIHL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2