Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39.bin

  • Size

    691KB

  • Sample

    230506-13lrwsch8y

  • MD5

    7c3275409a3c421c4c64c84557d0369e

  • SHA1

    040731069fd061021fd8b3a0cb0531eed1824492

  • SHA256

    60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39

  • SHA512

    0e12ae1e1c7c8a3bd040ab215d6a4129898b8a356981a68e808bed17ad101c821bba6fcc5a1295d2b89a2fde2282542b633f062ea309b578268d24a47da0ab80

  • SSDEEP

    12288:Dy90PWUJi5+BLKRv4AdCYcmrIlzyesue2Q7wVgANBZSSr4b5PKq:DyQWZyk4XtJyxt2iANeSkb5Pd

Malware Config

Targets

    • Target

      60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39.bin

    • Size

      691KB

    • MD5

      7c3275409a3c421c4c64c84557d0369e

    • SHA1

      040731069fd061021fd8b3a0cb0531eed1824492

    • SHA256

      60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39

    • SHA512

      0e12ae1e1c7c8a3bd040ab215d6a4129898b8a356981a68e808bed17ad101c821bba6fcc5a1295d2b89a2fde2282542b633f062ea309b578268d24a47da0ab80

    • SSDEEP

      12288:Dy90PWUJi5+BLKRv4AdCYcmrIlzyesue2Q7wVgANBZSSr4b5PKq:DyQWZyk4XtJyxt2iANeSkb5Pd

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks