General

  • Target

    3d008be47bd2f82957470b40eaff3e59689b100cc2f32d40d2f2e57838c3f6f5.bin

  • Size

    1.1MB

  • Sample

    230506-1a7tnagb24

  • MD5

    fccb6c2dc19f2dffabcdfd0828285e6c

  • SHA1

    4bf68985cf76cdc20d482909ba0da2eefbf4e61a

  • SHA256

    3d008be47bd2f82957470b40eaff3e59689b100cc2f32d40d2f2e57838c3f6f5

  • SHA512

    332e32d1c27d5c8234b40ad430bb866577fbfe9e1327f96e91481a99f0ebcd6736621a42d471f00b557eb0db990cae4255e6eed08c9bb23fbab8df9983497bf2

  • SSDEEP

    24576:kyHLC2x9cgoKjjkXlikwTj0kxY+A10rPkTVZ+UZK9:zm2x9vVjClSjLA1/iE

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks