Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6332d27f3ef783ab3e7cec3b08678da16f27cb28f4e477e5678a14b491150607

  • Size

    587KB

  • Sample

    230505-w4c4xsfc91

  • MD5

    7e7983630beaf3e8168bad43893c1761

  • SHA1

    42a7bf6b71909c652e8c47d476ea637d696613b3

  • SHA256

    6332d27f3ef783ab3e7cec3b08678da16f27cb28f4e477e5678a14b491150607

  • SHA512

    331d0bd8797147cbf5a4fe34a66b9fab9336c1b9c55e84c46b174b7f81082b5044817217919d7f1f55343014b544fe1757a141c8d2f363ba7910100b4d709e80

  • SSDEEP

    12288:nMrHy90NU+2R37ye8zx71KneSYRk4SxFnyaK586xvdkz17jUo2:wyZ+ztQeSYaxFIqCvdu1752

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      6332d27f3ef783ab3e7cec3b08678da16f27cb28f4e477e5678a14b491150607

    • Size

      587KB

    • MD5

      7e7983630beaf3e8168bad43893c1761

    • SHA1

      42a7bf6b71909c652e8c47d476ea637d696613b3

    • SHA256

      6332d27f3ef783ab3e7cec3b08678da16f27cb28f4e477e5678a14b491150607

    • SHA512

      331d0bd8797147cbf5a4fe34a66b9fab9336c1b9c55e84c46b174b7f81082b5044817217919d7f1f55343014b544fe1757a141c8d2f363ba7910100b4d709e80

    • SSDEEP

      12288:nMrHy90NU+2R37ye8zx71KneSYRk4SxFnyaK586xvdkz17jUo2:wyZ+ztQeSYaxFIqCvdu1752

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks