General

  • Target

    598926b45ac3645ea67beaad934ab589a2c76280cf09091160fb1498cc402c6b

  • Size

    308KB

  • Sample

    230506-1ypmzsae89

  • MD5

    1ea303047c2d631108e382977400e8aa

  • SHA1

    455cce5c4f0f948de08dbb6950ddac242514233d

  • SHA256

    598926b45ac3645ea67beaad934ab589a2c76280cf09091160fb1498cc402c6b

  • SHA512

    bd0d43d40006a78e696dc7afefea9fe551fc5925261fa220fc5236c6de87a4faf3abefe3dc8533d689ebd5a64aa9a2af47cbc32ec266638b5fe04b9cefaec161

  • SSDEEP

    6144:Kky+bnr+1p0yN90QEnlEY+zbPsL4JfR7wDvROxnGgjK0MVLY:cMrhy909b+zYemgxxjK0MxY

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks