General

  • Target: 6e3eebd9d6a0e53094f95b2029a6384727555b13ee0c59a057928d6018dc4113.bin
  • Size: 746KB
  • Sample: 230506-2cwpvaec3w
  • MD5: d183bc9483a7ec12de8f2cb69970caaf
  • SHA1: bc03c966cb9c0c6b67470b9f96e9b32bede5baf8
  • SHA256: 6e3eebd9d6a0e53094f95b2029a6384727555b13ee0c59a057928d6018dc4113
  • SHA512: f3fff1b785a9cccfdc91721671304f6eb1dcf68271f7b905783b86a4b4fac7509cc1dc9225d3d0c137b252f06c52fc56a656911421f6513c5b556ba06fb02cc4
  • SSDEEP: 12288:Ty90UocgjXqtikQCcjvsEyVadGB9HSuPZn5RN6JlD4nNPhEhdgak:Ty9MnLsEfGB9HSIR5/egNPhEhk

Malware Config

Targets

    • Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks