Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88.bin
-
Size
1.1MB
-
Sample
230501-w8gb5seh2z
-
MD5
53c58e13348a4b083d8eaaf7ce8e4eb0
-
SHA1
9688af8bd0be365481b5107e9402e858454bbe32
-
SHA256
d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88
-
SHA512
dc0ec97315cd537f84eb00a94ee0f303e4d01508553fe1e59646a398a24bf4dd44103f527bcaf8a92319162f1b816efe25624b36e2f43e798231a5f19d8ada49
-
SSDEEP
24576:6yrOTG+QBC9zmAtg3YHiLicuksxDswqRh2K4OZ:BrYG+QBShtr8icuTps5Rh2K
Malware Config
Targets
-
-
Target
d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88.bin
-
Size
1.1MB
-
MD5
53c58e13348a4b083d8eaaf7ce8e4eb0
-
SHA1
9688af8bd0be365481b5107e9402e858454bbe32
-
SHA256
d24fab703687c34e5e03f54a50d15c78e0db5325d58ab558e70eb7d59ad5be88
-
SHA512
dc0ec97315cd537f84eb00a94ee0f303e4d01508553fe1e59646a398a24bf4dd44103f527bcaf8a92319162f1b816efe25624b36e2f43e798231a5f19d8ada49
-
SSDEEP
24576:6yrOTG+QBC9zmAtg3YHiLicuksxDswqRh2K4OZ:BrYG+QBShtr8icuTps5Rh2K
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-