General

  • Target

    e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6.bin

  • Size

    1.1MB

  • Sample

    230505-yyefxaea8s

  • MD5

    9dbdedf19b01382efb8cbfcdbc9f8133

  • SHA1

    32a9d2f4e44c8c4dd331206b7f4cf8546a33b28b

  • SHA256

    e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6

  • SHA512

    f5cb75a4c4b7c0143fd829907dd82f568c495900c921f23f7790ccdbe8c88bc39f82b017a9e5f8359faf705570592c5138260b1d09a24319b1475d9683f463ca

  • SSDEEP

    24576:SysgfypocL+ioj0XamkzlpSUQzb3N2rCNsSXri:5lfyR4jSaHpUfdsQpr

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
