Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6c0f284efeee6081f0ef017eedffaea7a0446353ae2530197e634563d18729a3

  • Size

    1.5MB

  • Sample

    230505-w5drvadd79

  • MD5

    54bae34701e2491efa3453c23a9c4107

  • SHA1

    535b6c90c35be960e9d5c6a202ddecbaa4633c0e

  • SHA256

    6c0f284efeee6081f0ef017eedffaea7a0446353ae2530197e634563d18729a3

  • SHA512

    908a1ae915f9da70da6ebe0cf802a6e2f09a8e9ad6512cfb914850b5514516b0f92cf4599fc3cf4ffd8698bffc6c0ef8c066ba610c5a6ff134ee4041be985a5f

  • SSDEEP

    24576:3yJVP9BP6tE0j7Ytwom33ueGwVZUUo9FILxtwcWp0WnYR3haSIuZLDI0:Cb9BytEzTm3eef5YIoCO63USH4

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes
  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Extracted

Family

redline

Botnet

boom

C2

217.196.96.56:4138

Attributes
  • auth_value

    1ce6aebe15bac07a7bc88b114bc49335

Targets

    • Target

      6c0f284efeee6081f0ef017eedffaea7a0446353ae2530197e634563d18729a3

    • Size

      1.5MB

    • MD5

      54bae34701e2491efa3453c23a9c4107

    • SHA1

      535b6c90c35be960e9d5c6a202ddecbaa4633c0e

    • SHA256

      6c0f284efeee6081f0ef017eedffaea7a0446353ae2530197e634563d18729a3

    • SHA512

      908a1ae915f9da70da6ebe0cf802a6e2f09a8e9ad6512cfb914850b5514516b0f92cf4599fc3cf4ffd8698bffc6c0ef8c066ba610c5a6ff134ee4041be985a5f

    • SSDEEP

      24576:3yJVP9BP6tE0j7Ytwom33ueGwVZUUo9FILxtwcWp0WnYR3haSIuZLDI0:Cb9BytEzTm3eef5YIoCO63USH4

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks