Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

54259854d6...3e.exe

windows7-x64

10

54259854d6...3e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

  • Size

    1.2MB

  • Sample

    230505-w2ke8ada65

  • MD5

    d5fb730b57b9c2ba513d4482384dea5b

  • SHA1

    d276dd4a87c0be18317ac7ce531f72bd7a8eeedd

  • SHA256

    54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

  • SHA512

    cf57397b2de119b9be32ca922b72d12fd68ef5113fe80a44af2edf15831a956233949474026998903a89f8c3c275345ee5c2f59ba4d93c61bbdf387ed9ec4b40

  • SSDEEP

    24576:3yn2smzBd1f8LQesIpt5QWUUFvpphY9rBC18iDCMVQe4hMHaQ1o:C2smzBd1fqhvQWUUHIrBC1th4hMHa

Score
10/10
redlinediscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

    • Size

      1.2MB

    • MD5

      d5fb730b57b9c2ba513d4482384dea5b

    • SHA1

      d276dd4a87c0be18317ac7ce531f72bd7a8eeedd

    • SHA256

      54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

    • SHA512

      cf57397b2de119b9be32ca922b72d12fd68ef5113fe80a44af2edf15831a956233949474026998903a89f8c3c275345ee5c2f59ba4d93c61bbdf387ed9ec4b40

    • SSDEEP

      24576:3yn2smzBd1f8LQesIpt5QWUUFvpphY9rBC18iDCMVQe4hMHaQ1o:C2smzBd1fqhvQWUUHIrBC1th4hMHa

    Score
    10/10
    discoveryevasionpersistencespywarestealertrojanredlineinfostealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks