General

  • Target: IContratoQK.msi.bin
  • Size: 6.9MB
  • Sample: 230505-zjec2aea37
  • MD5: 923ec566997f9c002d9cf7397c79eb4a
  • SHA1: 2bea51e5e6ab96a4669e34a903e30a4b97580e46
  • SHA256: 9fb4b0494ce8e71c1af8bc538895731ea6da666d8efe405182baa3328aff9966
  • SHA512: 79b1f04d66d1a2b237d57c2f341dbec2e2c41df8089ef38f1f402e6b77d91224a620b6c6c424742d7f7460f5fe60aaaaaed3e3020376d514eb49df2b56eb6e35
  • SSDEEP: 196608:vSc73CzEFE2cseSF2fFpuUaMo8zcdKmGZA+:KI3CzSE2BXFBUaw9/

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks