General

  • Target

    47715e3af503e0af015e83dfc578f5bb9897d6b858bc0cb167c30c9243fcfb44.bin

  • Size

    1.1MB

  • Sample

    230506-1jm6lsah41

  • MD5

    be693d26186f6b62604cd29c7eaf1c34

  • SHA1

    7eacf287c6476758758a1d4a60a3bee85dacd9bf

  • SHA256

    47715e3af503e0af015e83dfc578f5bb9897d6b858bc0cb167c30c9243fcfb44

  • SHA512

    912b7e26ab6d0ff375eb8352b32bf26727d1416d8b03d0ddb84a9b59b95db10365b1d9bbd77c58e8f8f638d0b371fa7ebf5ce2996cf1b2e7184e6147178460ca

  • SSDEEP

    24576:Eyy5V7kZKCaJnl4lgm0bqXavJh2bJj6FmL8bw4RnZs:Ty5V76KzX4IbOqJ+6mQ8

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to decide whether to run.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
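The three registry behaviours reported above (the Run-key persistence, the change to Windows Defender real-time protection, and the country-code lookup) can be matched from a registry-monitor trace with a small amount of detection logic. The block below is an added example and is not tria.ge's signature engine or anything extracted from this sample; the registry paths it matches (`...\CurrentVersion\Run`, `...\Windows Defender\Real-Time Protection`, `Control Panel\International\Geo\Nation`) are the locations these behaviours usually touch and are assumptions here, and the events it runs over are constructed rather than taken from this analysis.

```python
"""Classify registry-monitor events into the behaviours listed in the report.

Added example, not tria.ge's signature engine. The registry paths below are
assumptions about where these behaviours usually land, not values taken from
this sample.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RegEvent:
    op: str         # "set" (write) or "query" (read)
    key: str        # registry key path, any hive spelling
    value: str      # value name
    data: str = ""  # data written by a "set" event, as the monitor logged it


_HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
          "hklm": "hklm", "hkcu": "hkcu"}


def normalize_key(key: str) -> str:
    """Lower-case the path and map long hive names onto their short forms."""
    path = key.replace("/", "\\").strip("\\").lower()
    hive, sep, rest = path.partition("\\")
    return _HIVES.get(hive, hive) + sep + rest


def _as_int(data: str) -> Optional[int]:
    """Parse the data forms a monitor typically emits: "1", "0x1", "dword:00000001"."""
    text = data.strip().lower()
    if text.startswith("dword:"):
        text = text[len("dword:"):]
        return int(text, 16)
    for base in (0, 10, 16):
        try:
            return int(text, base)
        except ValueError:
            continue
    return None


RUN_KEY = re.compile(
    r"^(hklm|hkcu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?$")
DEFENDER_RTP_KEY = "hklm\\software\\policies\\microsoft\\windows defender\\real-time protection"
GEO_KEY = "hkcu\\control panel\\international\\geo"

SIG_RUN = "Adds Run key to start application"
SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_GEO = "Checks computer location settings"


def classify(ev: RegEvent) -> Optional[str]:
    """Return the signature name an event triggers, or None."""
    key = normalize_key(ev.key)
    op = ev.op.lower()
    value = ev.value.lower()
    if op == "set" and RUN_KEY.match(key):
        return SIG_RUN
    if op == "set" and key == DEFENDER_RTP_KEY and value.startswith("disable"):
        # Only a non-zero write disables a protection; a write of 0 re-enables
        # it and is deliberately not reported (design choice of this example).
        if _as_int(ev.data):
            return SIG_DEFENDER
    if op == "query" and key == GEO_KEY and value == "nation":
        return SIG_GEO
    return None


def detect(events) -> dict:
    """Group events by the signature they trigger; non-matching events are dropped."""
    hits: dict = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev)
    return hits


# Constructed registry-monitor events, not output from this sample's run.
SAMPLE_EVENTS = [
    RegEvent("query", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation"),
    RegEvent("set", r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "dword:00000001"),
    RegEvent("set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\Users\Public\Libraries\svc.exe"),
    # A benign re-enable and a plain enumeration of Run: neither should fire.
    RegEvent("set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "0"),
    RegEvent("query", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),
]

if __name__ == "__main__":
    for sig, evs in detect(SAMPLE_EVENTS).items():
        print(sig)
        for ev in evs:
            print(f"    {ev.op:5} {ev.key}\\{ev.value} {ev.data}".rstrip())
```

Matching on the normalized key rather than the raw string is what makes the check robust across monitors that log `HKEY_CURRENT_USER` versus `HKCU`, and the Defender rule reports only writes that actually disable a protection, so a product re-enabling real-time monitoring does not show up as tampering.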

MITRE ATT&CK Enterprise v6

Tasks