Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b.bin

  • Size

    1.2MB

  • Sample

    230506-1k3mpaba7s

  • MD5

    3cabdf1cdda2ead970d479088c9e205f

  • SHA1

    53a7ab49e103ec50614f2d25b243b222000766c2

  • SHA256

    49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b

  • SHA512

    aa4dface74240e91deec788c94930365781a8dba097d980faf1f9d0babe16b75bedc00e04e0a9708700a33f2c795cd500ab317399b6609a734f4609319be163f

  • SSDEEP

    24576:2y0XzjbedLUczrquzsWKwfRYGmQSHL6y6l28W1xoAZ:FozjbitSTHwfuGyr612B1xo

Malware Config

Targets

    • Target

      49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b.bin

    • Size

      1.2MB

    • MD5

      3cabdf1cdda2ead970d479088c9e205f

    • SHA1

      53a7ab49e103ec50614f2d25b243b222000766c2

    • SHA256

      49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b

    • SHA512

      aa4dface74240e91deec788c94930365781a8dba097d980faf1f9d0babe16b75bedc00e04e0a9708700a33f2c795cd500ab317399b6609a734f4609319be163f

    • SSDEEP

      24576:2y0XzjbedLUczrquzsWKwfRYGmQSHL6y6l28W1xoAZ:FozjbitSTHwfuGyr612B1xo

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks