General

  • Target

    ad10f76874450aa585365f1e05d3bc1e5df88c5b61696c8a5523931acaee7d7a.bin

  • Size

    1.1MB

  • Sample

    230505-xl5a5afe23

  • MD5

    6fc5f258dc77328b2a33ae3c6903c3c0

  • SHA1

    66a45543debc494105453aa99e3aeaf915e53a8e

  • SHA256

    ad10f76874450aa585365f1e05d3bc1e5df88c5b61696c8a5523931acaee7d7a

  • SHA512

    43796fce34dca8073a493278be4c58b3294798df4e77dd32194fe8849eae49b819c58494aa17d74595c6d66ef9fbc754002d8fccce8f5a37998e5115e8269388

  • SSDEEP

    24576:MyczIuAs0JQ3wxEKBq4P+B+r3/u69zOsHxZbILtt:7qAVQ3ZKB70+zm69zRbYt

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks