General

  • Target

    b0cd7dd83ede702aa4f26ed851cd590c7e39061910904bc5ed3f8395dd316b68

  • Size

    598KB

  • Sample

    230505-xqeahafg64

  • MD5

    4aa079464e41a903ef35421ea8ca2f5d

  • SHA1

    b5569f2e8834314ed4f26a0c4d353a6ed0eac5a9

  • SHA256

    b0cd7dd83ede702aa4f26ed851cd590c7e39061910904bc5ed3f8395dd316b68

  • SHA512

    6e53fc18b1fbd69d6628aa20a76a0c9d3783f8b7278a08fc5191bc0ec2d75982ed9d0f19ae52a01bac88adfd01afffb8489e6a9d3903e4571a456e5a9829ff6a

  • SSDEEP

    12288:oMrPy90a4MY3jVuUIq8rvO62jriqR3/QC3/dOsC8bdWeqKxhFF:3yQtjfIqWva2q9/DMsxddvF

Malware Config

Targets

    • Target

      b0cd7dd83ede702aa4f26ed851cd590c7e39061910904bc5ed3f8395dd316b68

    • Detects Redline Stealer samples

      This rule matches the sample on strings that are characteristic of Redline Stealer builds.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Reads the per-product entries under the registry's Uninstall key to enumerate the software installed on the system.
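Three of the signatures above (Modifies Windows Defender Real-time Protection settings, Adds Run key to start application, Checks installed software on the system) are registry behaviours that can be re-detected from a sandbox registry trace. The script below is an added example and is not code from tria.ge or from the report; it runs simple rules over a constructed, sandbox-style trace of (pid, operation, key, value name, data) rows. The trace rows, the pid values, the "DWORD (0x...)" data format and the enumeration threshold are assumptions made for the example and are not the sample's real activity.

```python
"""Re-detect Defender tampering, Run-key persistence and Uninstall-key enumeration
from a constructed registry trace. Added example; not part of the tria.ge report."""
import re
from collections import defaultdict

# Constructed, sandbox-style registry trace: (pid, operation, key, value name, data).
# These rows are made up for the example and are not the sample's real activity.
TRACE = [
    (4120, "SetValue", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    (4120, "SetValue", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "DisableBehaviorMonitoring", "DWORD (0x00000001)"),
    (4120, "SetValue", r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Updater", r"C:\Users\user\AppData\Roaming\updater.exe"),
    (4120, "OpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "", ""),
    (4120, "QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2C3D4-0000-1111-2222-333344445555}",
     "DisplayName", "Example App"),
    (4120, "QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
     "DisplayName", "7-Zip"),
    (4120, "QueryValue", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
     "DisplayName", "Notepad++"),
    (4120, "QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1",
     "DisplayName", "Git"),
    # A second process that re-enables real-time protection (value set to 0) and
    # reads a single Uninstall entry: neither action should fire a rule.
    (880, "SetValue", r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "DisableRealtimeMonitoring", "DWORD (0x00000000)"),
    (880, "QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
     "DisplayName", "7-Zip"),
]

RTP_KEY = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_SUBKEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)
DWORD = re.compile(r"DWORD \(0x([0-9a-f]+)\)", re.I)
# Distinct Uninstall subkeys one process must read before we call it enumeration (assumed threshold).
ENUM_THRESHOLD = 3


def dword_value(data):
    """Return the integer behind a 'DWORD (0x...)' data string, or None if it is not a DWORD."""
    m = DWORD.search(data)
    return int(m.group(1), 16) if m else None


def detect(trace):
    """Map each pid to the set of rule names it triggered."""
    hits = defaultdict(set)
    uninstall_reads = defaultdict(set)  # pid -> distinct Uninstall subkeys read
    for pid, op, key, name, data in trace:
        # Defender tamper: a Disable* value under Real-Time Protection set to a non-zero DWORD.
        if op == "SetValue" and RTP_KEY.search(key) and name.lower().startswith("disable"):
            if (dword_value(data) or 0) != 0:
                hits[pid].add("defender_rtp_tamper")
        # Persistence: any value written under a Run / RunOnce key (HKLM or a user hive).
        if op == "SetValue" and RUN_KEY.search(key):
            hits[pid].add("run_key_persistence")
        # Software enumeration: collect distinct per-product Uninstall subkeys touched by each pid.
        m = UNINSTALL_SUBKEY.search(key)
        if m and op in ("QueryValue", "OpenKey", "EnumKey"):
            uninstall_reads[pid].add(m.group(1).lower())
    for pid, subkeys in uninstall_reads.items():
        if len(subkeys) >= ENUM_THRESHOLD:
            hits[pid].add("installed_software_enum")
    return dict(hits)


if __name__ == "__main__":
    for pid, rules in sorted(detect(TRACE).items()):
        print(pid, sorted(rules))
```

Two design points matter in practice: the Defender rule checks the written value rather than just the key, so an administrator re-enabling protection (DisableRealtimeMonitoring set to 0) does not fire, and the enumeration rule counts distinct subkeys per process, since many legitimate installers read one Uninstall entry.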

MITRE ATT&CK Enterprise v6

Tasks