Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6.bin
-
Size
1.1MB
-
Sample
230505-yyefxaea8s
-
MD5
9dbdedf19b01382efb8cbfcdbc9f8133
-
SHA1
32a9d2f4e44c8c4dd331206b7f4cf8546a33b28b
-
SHA256
e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6
-
SHA512
f5cb75a4c4b7c0143fd829907dd82f568c495900c921f23f7790ccdbe8c88bc39f82b017a9e5f8359faf705570592c5138260b1d09a24319b1475d9683f463ca
-
SSDEEP
24576:SysgfypocL+ioj0XamkzlpSUQzb3N2rCNsSXri:5lfyR4jSaHpUfdsQpr
Malware Config
Targets
-
-
Target
e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6.bin
-
Size
1.1MB
-
MD5
9dbdedf19b01382efb8cbfcdbc9f8133
-
SHA1
32a9d2f4e44c8c4dd331206b7f4cf8546a33b28b
-
SHA256
e4b562934ae40636d8102c523b7354ac422151110efbaf7d37003fd6d4186fb6
-
SHA512
f5cb75a4c4b7c0143fd829907dd82f568c495900c921f23f7790ccdbe8c88bc39f82b017a9e5f8359faf705570592c5138260b1d09a24319b1475d9683f463ca
-
SSDEEP
24576:SysgfypocL+ioj0XamkzlpSUQzb3N2rCNsSXri:5lfyR4jSaHpUfdsQpr
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-