General

  • Target: d0aa3df71a9943907e9ef016c47d2133690c60c0f8323518bd779c0802577cb9.bin
  • Size: 697KB
  • Sample: 230505-ygy4zscd7z
  • MD5: c6cffa513a9f7eaab59a15c8595e276c
  • SHA1: 952b4069097235d093c3f4a5f91735017bac7811
  • SHA256: d0aa3df71a9943907e9ef016c47d2133690c60c0f8323518bd779c0802577cb9
  • SHA512: b1e96465b65a79f482a69d58544cecd355aebc32903c9c6d0cc9c72050fad2208241e740d0049f238a50fb0572abf6d79f27fce6c33878d8f3634a25f26b599a
  • SSDEEP: 12288:sy90jkqwaRC8pmGmnXQxywvAjeZjxz9Bm2cJNIE2V7tNHSWa1c6k:symsawTGmXQxyLAjM2uS/Rh8c6k

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
