Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593.exe
-
Size
315KB
-
Sample
240826-bdcp9axejl
-
MD5
0f9a7390c4a71cae8b2e709695fdd05b
-
SHA1
e380542376968be946f8ba7fabbd7b2065ff392d
-
SHA256
12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593
-
SHA512
0cfa9287bc2e5150e506315178e490984aadd6f8de1305db9dd28c37ddd2d6d691cb859ceb7979224c59b91562985cd178c025cf9e72cabfac147eadc66356e3
-
SSDEEP
6144:II8XYYyOCPtqXY1J5v+aarO28SuhAZ3tr2T9LManjK92NbaauJo3G:II8Xvy7N+aA18g8/n+3o2
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:14537
Targets
-
-
Target
12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593.exe
-
Size
315KB
-
MD5
0f9a7390c4a71cae8b2e709695fdd05b
-
SHA1
e380542376968be946f8ba7fabbd7b2065ff392d
-
SHA256
12cac791fafc11ccb103abd3873562fc176b7da4d182be1cf486f028a9063593
-
SHA512
0cfa9287bc2e5150e506315178e490984aadd6f8de1305db9dd28c37ddd2d6d691cb859ceb7979224c59b91562985cd178c025cf9e72cabfac147eadc66356e3
-
SSDEEP
6144:II8XYYyOCPtqXY1J5v+aarO28SuhAZ3tr2T9LManjK92NbaauJo3G:II8Xvy7N+aA18g8/n+3o2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2