General

  • Target: f9331b1563d414437c218d9af56e1d6a7e1903b2e8e5d32f20ced61254c0601f.bin
  • Size: 1.2MB
  • Sample: 230505-zcltjadd87
  • MD5: ffb6bc29fe1a2b1347a302e3587dff19
  • SHA1: ef527cb80e691e5a51da552fd7e334032f309421
  • SHA256: f9331b1563d414437c218d9af56e1d6a7e1903b2e8e5d32f20ced61254c0601f
  • SHA512: f1239c70d4d2726b63a72a36c1a3da63d4f8a1998261e1c78aa7b587a88a960850b086601d1e2043e00066e7aff800dc6c6eca460b70b313363c4d0ecc164bf6
  • SSDEEP: 24576:Fj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:Fj76L+oqyf2Bl/ksdr754iw017bmw

Malware Config

Targets

    • Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks