General

  • Target

    dfae8f819ffd5eedff28d22c04c632a18a32dca85901207cdc5c878d37cd56a6.bin

  • Size

    687KB

  • Sample

    230501-xfnq7aff7y

  • MD5

    28ff621758160f1b33d532bab870f7e2

  • SHA1

    713733f18f619b41b86fe88a742cbc84e9969050

  • SHA256

    dfae8f819ffd5eedff28d22c04c632a18a32dca85901207cdc5c878d37cd56a6

  • SHA512

    783c7bb8cc0997393380821844fa9871414bc9ad8b3b0397fc5574f1da900b97254dadf811a9e30b9ea95f6e57ef875b2337dc04b1f13a941a5924e48ded586f

  • SSDEEP

    12288:Uy90/8a3KNIF/aYWyCS42OI6QBDuYOCF5NLvB/wMfyseT2ziKhw8:UyA0wilSVOI6cuzC7NVrfyseyzL5

Malware Config

Targets

    • Target

      dfae8f819ffd5eedff28d22c04c632a18a32dca85901207cdc5c878d37cd56a6.bin

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

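The four behavioural signatures above (dropped EXE executed, dropped DLL loaded, Defender real-time protection modified, Run key added) are exactly the kind of thing host telemetry can confirm outside the sandbox. The script below is an added example, not tria.ge's code or anything from the sample: it maps constructed Sysmon-style events (Event IDs 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent value set) onto those signature names. The registry locations are the documented Run/RunOnce autostart keys and the `Windows Defender\Real-Time Protection` policy values; the file paths, process names, SID and the exact event dictionaries are made up for the example, and the assumption that "dropped" means "written to disk earlier in the same trace" is a simplification.

```python
"""Classify Sysmon-style events against the behaviours a sandbox report lists.

Added example (not tria.ge's code). The events in SAMPLE_EVENTS are constructed
to resemble Sysmon Event IDs 1, 7, 11 and 13; every path and name is invented.
"""
import re
from typing import Dict, List

# Autostart value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Values under ...\Windows Defender\Real-Time Protection (policy or live key)
# that switch components of real-time protection off when set to DWORD 1.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)
DWORD_ONE = "DWORD (0x00000001)"  # Sysmon renders REG_DWORD values this way


def finding(name: str, ev: Dict, evidence: str) -> Dict:
    return {"signature": name, "image": ev["Image"], "evidence": evidence}


def classify(events: List[Dict]) -> List[Dict]:
    """Return one finding per matched behaviour, in event order.

    'Dropped' is approximated as: a file that an earlier EID 11 in the same
    trace created. A real pipeline would scope this to the process tree.
    """
    findings: List[Dict] = []
    dropped = set()
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings.append(finding("Executes dropped EXE", ev, ev["Image"]))
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            findings.append(finding("Loads dropped DLL", ev, ev["ImageLoaded"]))
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(finding("Adds Run key to start application", ev,
                                        f"{target} = {ev['Details']}"))
            elif DEFENDER_RTP_RE.search(target) and ev["Details"] == DWORD_ONE:
                findings.append(finding(
                    "Modifies Windows Defender Real-time Protection settings", ev, target))
    return findings


def signatures(events: List[Dict]) -> List[str]:
    """Just the signature names, for quick comparison with a sandbox report."""
    return [f["signature"] for f in classify(events)]


# Constructed trace: a downloaded loader drops an EXE and a DLL, runs the EXE,
# which loads the DLL, persists via a Run key and disables real-time protection.
_LOADER = r"C:\Users\victim\Downloads\invoice.exe"
_DROP_EXE = r"C:\Users\victim\AppData\Local\Temp\svchost_update.exe"
_DROP_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"
_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": _LOADER},
    {"EventID": 11, "Image": _LOADER, "TargetFilename": _DROP_EXE},
    {"EventID": 11, "Image": _LOADER, "TargetFilename": _DROP_DLL},
    {"EventID": 1, "Image": _DROP_EXE},
    {"EventID": 7, "Image": _DROP_EXE, "ImageLoaded": _DROP_DLL},
    {"EventID": 13, "Image": _DROP_EXE,
     "TargetObject": rf"HKU\{_SID}\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": _DROP_EXE},
    {"EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": DWORD_ONE},
    # Re-enabling real-time protection (value 0) must not fire the signature.
    {"EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # A system DLL that was never dropped must not count as a dropped DLL load.
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
]

if __name__ == "__main__":
    for f in classify(SAMPLE_EVENTS):
        print(f"{f['signature']:55} {f['image']}  <-  {f['evidence']}")
```

Two caveats a practitioner would apply: the registry matches only exist if the Sysmon configuration actually logs the Run and Defender keys (EID 13 is opt-in per path), and a Run key written by a legitimate installer, or a Defender value set to 0, produces the same TargetObject, so the example keys on the DWORD value and leaves the writing `Image` in each finding for triage.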
MITRE ATT&CK Enterprise v6

Tasks