General

  • Target

    d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88.bin

  • Size

    1.1MB

  • Sample

    230501-w8gb5seh2z

  • MD5

    53c58e13348a4b083d8eaaf7ce8e4eb0

  • SHA1

    9688af8bd0be365481b5107e9402e858454bbe32

  • SHA256

    d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88

  • SHA512

    dc0ec97315cd537f84eb00a94ee0f303e4d01508553fe1e59646a398a24bf4dd44103f527bcaf8a92319162f1b816efe25624b36e2f43e798231a5f19d8ada49

  • SSDEEP

    24576:6yrOTG+QBC9zmAtg3YHiLicuksxDswqRh2K4OZ:BrYG+QBShtr8icuTps5Rh2K

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks