General

  • Target

    b7ff613d7cb7771d2b00757cd79a0cf2894bb9d73ee91532912758282843d62d.bin

  • Size

    1.1MB

  • Sample

    230505-xvx86sgc73

  • MD5

    c097c4b43432fcecbcb01709e64b85d9

  • SHA1

    33ac96a6ce12c375fea3709b874e97ce19f6c5aa

  • SHA256

    b7ff613d7cb7771d2b00757cd79a0cf2894bb9d73ee91532912758282843d62d

  • SHA512

    c98b7328872c71b7038248c21ff538155f893ec9a4b66cd997e26b430424ef69a9e5a7683e57624791f02cd0378adb3f631440f90ead1122ac119e47270c71a4

  • SSDEEP

    24576:KyQuROkmQEe+omCvUPHd2LdKbGdiY6F0L8bSjAGmf:RQuwJxe+oTUV2LG9P0QmkGm

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks