General

  • Target

    d3b3437d6ea7a02c992585b5cf2b2c34fb7c4b93b81e4407ae7d7d3ee5def890.bin

  • Size

    690KB

  • Sample

    230501-w868kadc52

  • MD5

    c739646777bfd5d1ae7da944ad269ac3

  • SHA1

    d98aca4ac920187c5332a85100ced78017feed0c

  • SHA256

    d3b3437d6ea7a02c992585b5cf2b2c34fb7c4b93b81e4407ae7d7d3ee5def890

  • SHA512

    f34e727e6126821eeb8c8d7ddbf65f0f7fa972718c24cbc2b6fd2e1134378c8ee5a438ef7c5650ca4db405a2dcee6cb20fde687719177b93fa41b10144a3acc7

  • SSDEEP

    12288:Jy90NVXamCIhcVExQBlYGPDqbH7/mAbrLari36NaT3Hc8/oXHyy:Jy8VXcVEW74H7+Ab3ari360T3c85y

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
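
The two behavioural signatures above (Defender real-time protection tampering and Run-key persistence) are both registry writes. The following Python is an added triage example, not code from tria.ge or from the report: it scans Sysmon Event ID 13-style registry SetValue events for those two behaviours and tags each hit with its ATT&CK technique. The event lines are constructed for illustration (paths, SID and value names are invented except for the real Defender policy value names), and the `key=value|key=value` layout is an assumed flattening of the Sysmon fields, not Sysmon's own output format.

```python
"""Triage registry SetValue events for Defender real-time protection
tampering (T1562.001) and Run-key persistence (T1547.001).
Added example; the sample events are constructed, not from the sandbox."""
import re
from dataclasses import dataclass

# Real Defender policy value names under ...\Real-Time Protection that,
# when set to DWORD 1, switch off parts of real-time protection.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Matches both the policy key (HKLM\SOFTWARE\Policies\...) and the product
# key (HKLM\SOFTWARE\Microsoft\...); group 1 is the value name.
DEFENDER_RTP_KEY = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\([^\\]+)$",
    re.IGNORECASE,
)
# HKCU/HKU/HKLM Run and RunOnce keys; group 2 is the autostart entry name.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    technique: str   # ATT&CK technique ID
    name: str        # ATT&CK technique name
    image: str       # process that performed the write
    target: str      # registry path written
    detail: str      # value written, as Sysmon renders it


def parse_event(line):
    """Split one 'key=value|key=value' event line into a dict (assumed layout)."""
    return dict(part.split("=", 1) for part in line.strip().split("|"))


def triage(lines):
    """Return a Finding for every event that matches one of the two signatures."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventType") != "SetValue":
            continue
        target, details, image = ev["TargetObject"], ev.get("Details", ""), ev.get("Image", "")
        m = DEFENDER_RTP_KEY.search(target)
        # Only a known disable-value set to 1 is tampering; a write of 0 is not.
        if m and m.group(1) in DEFENDER_RTP_VALUES and details.startswith("DWORD (0x00000001)"):
            findings.append(Finding("T1562.001", "Impair Defenses: Disable or Modify Tools",
                                    image, target, details))
            continue
        if RUN_KEY.search(target):
            findings.append(Finding("T1547.001", "Boot or Logon Autostart Execution: Registry Run Keys",
                                    image, target, details))
    return findings


# Constructed sample events (not from the report): one Defender disable,
# one Run-key entry, one benign write of 0 to the product key, one unrelated key.
SAMPLE_EVENTS = r"""
EventType=SetValue|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)
EventType=SetValue|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost|Details=C:\Users\user\AppData\Roaming\svchost.exe
EventType=SetValue|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)
EventType=SetValue|Image=C:\Program Files\Installer\setup.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName|Details=App
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS.splitlines()):
        print(f"[{f.technique}] {f.name}: {f.image} -> {f.target} = {f.detail}")
```

Run against the constructed events it reports two findings, the Defender disable and the Run-key entry; the write of 0 to the product key is deliberately not flagged, which is the check worth keeping when turning a sandbox signature into a detection rule.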
