General

  • Target

    9fa7b13610b981c7cd872e514c3e930df25002eab3ee5c4e9c744d2995e9b785

  • Size

    1.1MB

  • Sample

    230505-xda3baee29

  • MD5

    78759a370d9984c95c657c515369afb6

  • SHA1

    bd2239398fc00e030df52bd235e5cc2d220bd742

  • SHA256

    9fa7b13610b981c7cd872e514c3e930df25002eab3ee5c4e9c744d2995e9b785

  • SHA512

    c31446fc19b703bad33d35b825f82d5f3c9321fca6edffc36efc9aa81efbe306d4746c16c3927604db9b68f924b9f95a3682cbd3ada1af360a26063e92e19281

  • SSDEEP

    24576:cy4ZlrwSR0Y397zpteD91pZAcEFtqWvduVlD3e1YgFB9Ud6zZmSM:L6lrwSR0Y39npID91pZOqWFuHD3+FB9n

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive account data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks