General

  • Target

    177397ad62413fc008bd3836d10109abed11c001b42bb4be9d359be2ebb05793

  • Size

    567KB

  • Sample

    230505-wsmtzsea3s

  • MD5

    9997fd3175f50c1e35624662175bdbd6

  • SHA1

    34ba74cf508783b78f63dd70c791b8aad0dca1bb

  • SHA256

    177397ad62413fc008bd3836d10109abed11c001b42bb4be9d359be2ebb05793

  • SHA512

    477b5b154f7e0ad8babadd13755af0aaed4ce23180cfa0fd03c752e7272e88f16bba233f80b8987c325d31fbcf74ded1a81dee0088970fbf6ac8bdf10753b81c

  • SSDEEP

    12288:5MrZy90GIn3fD4C9ePFiV0BgJm6iWGcZPi4RS4hT8UBlu:Yyk3fDDec0BgE6iWXZqMSsTnS

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
