Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b.bin
-
Size
1.2MB
-
Sample
230506-1k3mpaba7s
-
MD5
3cabdf1cdda2ead970d479088c9e205f
-
SHA1
53a7ab49e103ec50614f2d25b243b222000766c2
-
SHA256
49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b
-
SHA512
aa4dface74240e91deec788c94930365781a8dba097d980faf1f9d0babe16b75bedc00e04e0a9708700a33f2c795cd500ab317399b6609a734f4609319be163f
-
SSDEEP
24576:2y0XzjbedLUczrquzsWKwfRYGmQSHL6y6l28W1xoAZ:FozjbitSTHwfuGyr612B1xo
Malware Config
Targets
-
-
Target
49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b.bin
-
Size
1.2MB
-
MD5
3cabdf1cdda2ead970d479088c9e205f
-
SHA1
53a7ab49e103ec50614f2d25b243b222000766c2
-
SHA256
49148476fe5813acae79646a34715106d60a43530c32556a7b5416ad068b955b
-
SHA512
aa4dface74240e91deec788c94930365781a8dba097d980faf1f9d0babe16b75bedc00e04e0a9708700a33f2c795cd500ab317399b6609a734f4609319be163f
-
SSDEEP
24576:2y0XzjbedLUczrquzsWKwfRYGmQSHL6y6l28W1xoAZ:FozjbitSTHwfuGyr612B1xo
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-