Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

01/05/2023, 21:08

230501-zyw7dsae8t 10

01/05/2023, 20:38

230501-zev5zsgf62 10

General

  • Target

    4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30

  • Size

    794KB

  • Sample

    230501-zyw7dsae8t

  • MD5

    fae553705958b46d8114557115cc3d87

  • SHA1

    81fc9c3d22adc12696f159b97181ae8de34ee047

  • SHA256

    4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30

  • SHA512

    b418eb01ec5331adf8a3675d87f1d26d5fe9b4704665e91eb36f9c0f5eef8b84bbd19b6c80cda5360ec91519ea73e69a2e0b0eba272e3c64d4f2ea8d1ee579d4

  • SSDEEP

    12288:ey90f8YlxtrgUIT3f8HT3m5quo4qy+duGgJQ9DHcyfUqmdtbBlj:eyCxtEMahGVD9ZUq8tL

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dork

C2

185.161.248.73:4164

Attributes
  • auth_value

    e81be7d6cfb453cc812e1b4890eeadad

Targets

    • Target

      4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30

    • Size

      794KB

    • MD5

      fae553705958b46d8114557115cc3d87

    • SHA1

      81fc9c3d22adc12696f159b97181ae8de34ee047

    • SHA256

      4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30

    • SHA512

      b418eb01ec5331adf8a3675d87f1d26d5fe9b4704665e91eb36f9c0f5eef8b84bbd19b6c80cda5360ec91519ea73e69a2e0b0eba272e3c64d4f2ea8d1ee579d4

    • SSDEEP

      12288:ey90f8YlxtrgUIT3f8HT3m5quo4qy+duGgJQ9DHcyfUqmdtbBlj:eyCxtEMahGVD9ZUq8tL

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks