General

  • Target

    5038d752f11fb5e2cb248bd70f6d85a4fb7e7afe3abf0c366303f971f04739d6.bin

  • Size

    1.1MB

  • Sample

    230506-1rejfahf96

  • MD5

    d33634fb0e99475b2b5f3309dd46ee57

  • SHA1

    d4c5a7db4a2dd7a832a9ccdf774b0000e785fee3

  • SHA256

    5038d752f11fb5e2cb248bd70f6d85a4fb7e7afe3abf0c366303f971f04739d6

  • SHA512

    3b1840c346da67a815f1781be6a01a6d0ffc1e4ad7df0e2672cbe362fd220f640d6e3a744aa5ace043a85285e0db5d51c398e9c7929b081507043b71377a80f7

  • SSDEEP

    24576:FypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:FyWVk6/b8tH5ZrTxxyMp4VNr5hVge

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
