General

  • Target

    dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d

  • Size

    479KB

  • Sample

    230505-ytbjfsbe37

  • MD5

    12b434b14f0b99a862f43c64ace41124

  • SHA1

    6e6a1d8470622c4f3a21dddfca13b27ffe9446ad

  • SHA256

    dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d

  • SHA512

    de361f943abd39064556536e46b6caa049388d24c21544934332a0b03614e0c255e6fb4ede163e5faa282f3b6eddb3040471a5e9354bf4a4a9009b993ebac2c9

  • SSDEEP

    12288:pMr+y90LU+bWrT3zAE8aF01eMTzkVJWPVJ2:vyj+bA7z1W1eIzPVU

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks