Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8

  • Size

    587KB

  • Sample

    230505-w4jlpsfd3y

  • MD5

    fbf537cc0ac02ea7aa7aa5bc0671863f

  • SHA1

    884c98ee8b72763589a0d806da6d678710993943

  • SHA256

    64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8

  • SHA512

    6314170c1df6c87aa8731dd1eb553e8a5e21b547273bbb0c3cee40d4da5391f201c753057e7f4c15e7a06a0bb0f485bfa213b44a01085a7899d730e0d9f3d605

  • SSDEEP

    12288:uMrFy90yalWUP2uJvwRLIrMfccbPLACo34kbe:zyAzPnaRL7fVbPU1C

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8

    • Size

      587KB

    • MD5

      fbf537cc0ac02ea7aa7aa5bc0671863f

    • SHA1

      884c98ee8b72763589a0d806da6d678710993943

    • SHA256

      64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8

    • SHA512

      6314170c1df6c87aa8731dd1eb553e8a5e21b547273bbb0c3cee40d4da5391f201c753057e7f4c15e7a06a0bb0f485bfa213b44a01085a7899d730e0d9f3d605

    • SSDEEP

      12288:uMrFy90yalWUP2uJvwRLIrMfccbPLACo34kbe:zyAzPnaRL7fVbPU1C

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks