General

  • Target: e6a4e7f0d85c167f28c00084c100d394769cd40aba6ebb30a05cff5b19eea25a.bin
  • Size: 747KB
  • Sample: 230501-xkwycsed45
  • MD5: 30e510cf8927bd6359adff1cf5745d8f
  • SHA1: 1fef501bb23e0b88a375b0ef064c7d60acab0066
  • SHA256: e6a4e7f0d85c167f28c00084c100d394769cd40aba6ebb30a05cff5b19eea25a
  • SHA512: f92a6bd90c28edea7cf5916be6f47779b80f4609e13332ddf97d23862170f660c0657fda52cd2b0ccc3e998ada5f2b0176cbacd167f2cb4e1e3b237ef68220a0
  • SSDEEP: 12288:oy90YU612b+HDoEr+UvxJzm5E4paUgzcaXClat7I5bE4w52vok+:oy+612bE8ErhINpMzcaXCsR2bEZn5

Malware Config

Targets

    • Target: e6a4e7f0d85c167f28c00084c100d394769cd40aba6ebb30a05cff5b19eea25a.bin

    • Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Adds Run key to start application
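Two of the signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are registry behaviours that can be re-checked against a sandbox's own registry-write log or a host's event data. The following is an added example, not data from this report and not Triage's signature code: it maps constructed registry-write events to those two signature names. The `RegWrite` event shape, the sample events and the matching logic are assumptions made for this example; the key paths and value names are the standard Windows locations for Defender's real-time protection settings and for Run/RunOnce autostart.

```python
"""Added example: map registry-write events to two Triage-style signature names.

Not from the report page or from Triage; the event format, sample events and
matching rules are assumptions for illustration.
"""
import re
from dataclasses import dataclass

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUN = "Adds Run key to start application"


@dataclass(frozen=True)
class RegWrite:
    """One registry value write as a sandbox might record it (assumed format)."""
    key: str    # hive + key path, e.g. HKLM\SOFTWARE\...
    value: str  # value name
    data: str   # data as written, stringified ("1", "0x00000001", or a command line)


# Defender reads these keys; a DWORD of 1 in any of the listed values switches the
# corresponding real-time component off. Compared case-insensitively as suffixes.
_DEFENDER_RTP_KEY_SUFFIXES = (
    r"\SOFTWARE\POLICIES\MICROSOFT\WINDOWS DEFENDER\REAL-TIME PROTECTION",
    r"\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\REAL-TIME PROTECTION",
)
_DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Run/RunOnce under HKLM, HKCU, a specific HKU SID hive, and the WOW6432Node mirror.
_RUN_KEY_RE = re.compile(
    r"^(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKU\\[^\\]+|HKEY_USERS\\[^\\]+)"
    r"\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\(?:RUN|RUNONCE)$",
    re.IGNORECASE,
)


def _norm_key(key: str) -> str:
    """Trim whitespace and trailing backslashes, upper-case for comparison."""
    return key.strip().rstrip("\\").upper()


def _as_dword(data: str):
    """Parse '1', '0x00000001' or '00000001' style data; None if not numeric."""
    s = data.strip()
    for base in (0, 16):
        try:
            return int(s, base)
        except ValueError:
            continue
    return None


def is_defender_rtp_tamper(ev: RegWrite) -> bool:
    """True when a real-time protection component is being disabled (value set to 1)."""
    k = _norm_key(ev.key)
    return (
        any(k.endswith(suffix) for suffix in _DEFENDER_RTP_KEY_SUFFIXES)
        and ev.value.lower() in _DEFENDER_RTP_VALUES
        and _as_dword(ev.data) == 1
    )


def is_run_key_persistence(ev: RegWrite) -> bool:
    """True when a non-empty command is written under a Run/RunOnce key."""
    return bool(_RUN_KEY_RE.match(_norm_key(ev.key))) and bool(ev.data.strip())


def match_signatures(events):
    """Return {signature name: [matching events]} for the two registry signatures."""
    checks = ((SIG_DEFENDER, is_defender_rtp_tamper), (SIG_RUN, is_run_key_persistence))
    hits = {}
    for ev in events:
        for name, check in checks:
            if check(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed sample events (not from the report): one Defender tamper, one Run key
# write, one unrelated write, and one write that re-enables monitoring (not a hit).
SAMPLE_EVENTS = [
    RegWrite(r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "0x00000001"),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\user\AppData\Roaming\updater.exe"),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
             "ShellState", "00"),
    RegWrite(r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "0"),
]

if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for ev in evs:
            print(f"  {ev.key}\\{ev.value} = {ev.data}")
```

The Defender check deliberately requires the data to parse as 1: a write of 0 to the same value is a re-enable, not a tamper, and would otherwise produce a false hit. The Run-key check is intentionally broad (any non-empty value under Run/RunOnce), so on a real host it should be paired with a baseline of expected autostart entries.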

MITRE ATT&CK Enterprise v6

Tasks