General

  • Target

    e2845e26341a96672d8f47f3cbdd4bf9b0e2267d11b58af9d5f8e17028127976.bin

  • Size

    746KB

  • Sample

    230501-xhqnkaeb39

  • MD5

    1fee0f7b533ee66bd71dd39e41ebbb8e

  • SHA1

    17f13bf225bf3d4fdfb1958c7ef904bd5885f222

  • SHA256

    e2845e26341a96672d8f47f3cbdd4bf9b0e2267d11b58af9d5f8e17028127976

  • SHA512

    d8d838c06b1afb71ecf0fbf83298a2f168e0c712294f21893786c67725d3035cff77be98552402c264bdd28e3005b14decef20dc5300cdb1ed66b1b3c7f86a83

  • SSDEEP

    12288:6y90kxDahz4bgBvOci1Jex6PCd5A9R2392gBtFlseS8iA3WJp58amgL:6yTDadCgVO1wEPCd4IgAFlVIA3aRL

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks