General

  • Target

    f10a09568a87e6c91c1c07cf7eb5b87aaf469aa7d0d3ddefe5a3a01b12308f2d.bin

  • Size

    746KB

  • Sample

    230501-xyvmfsgh3w

  • MD5

    4b53634946708eb662a8a377edac685d

  • SHA1

    c97e4612369703bd8b807628582c3451601e05cf

  • SHA256

    f10a09568a87e6c91c1c07cf7eb5b87aaf469aa7d0d3ddefe5a3a01b12308f2d

  • SHA512

    9ae1551fe7162c26b2dddc36e04ba69f8246ea011d7c328a2dbd292a194f9a978d4090cf66c2edcead525c59a195ac333bcdcacc085a01ef59c66bdbdb90d61d

  • SSDEEP

    12288:Ny90HFiljGXWvJFKxRUHo9kQ68pGEvrr9axBtAosAr0wp+xcxxtqd:NyKdmGxKI9k1BQrkJAoGxcXkd

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
