General

  • Target

    6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de

  • Size

    480KB

  • Sample

    230505-w47crsfd9v

  • MD5

    d954057442dfe125e857caccc9854045

  • SHA1

    86dd6034712a5517ee90210f650eec767ca38318

  • SHA256

    6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de

  • SHA512

    6a6d83fff3cd7f2a842147eac73ca7a271cd13ad1c7a154d4600cda9d7c2369e2b087b4f1e4630a43c856c3ba2a558f05863e67abfb5222b0f30286ead8fc5cb

  • SSDEEP

    6144:Kfy+bnr+2p0yN90QERTEBKT4qvsbJEOA7RZLIgRv/gBVF91MkMvzdTMo2za8Ud7Z:RMr2y90N0z2Ovbj9+kc0VUdRnU+

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de

    • Size

      480KB

    • MD5

      d954057442dfe125e857caccc9854045

    • SHA1

      86dd6034712a5517ee90210f650eec767ca38318

    • SHA256

      6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de

    • SHA512

      6a6d83fff3cd7f2a842147eac73ca7a271cd13ad1c7a154d4600cda9d7c2369e2b087b4f1e4630a43c856c3ba2a558f05863e67abfb5222b0f30286ead8fc5cb

    • SSDEEP

      6144:Kfy+bnr+2p0yN90QERTEBKT4qvsbJEOA7RZLIgRv/gBVF91MkMvzdTMo2za8Ud7Z:RMr2y90N0z2Ovbj9+kc0VUdRnU+

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks