General

  • Target

    0681f33b926858d2cd69b6366654687670b6e870fbb6e4ad01078f5c7c4181ed.bin

  • Size

    651KB

  • Sample

    230506-2m76mafd8z

  • MD5

    5f866f7cedb5d59148d90bc7d021ea33

  • SHA1

    9e7dd5658b0aadca261967806a6994846d7e194b

  • SHA256

    0681f33b926858d2cd69b6366654687670b6e870fbb6e4ad01078f5c7c4181ed

  • SHA512

    d12af1f5401d296e858cd089031be0d604b4fd8fa3e8914e3b966d9ff008946b72c86f10806117a6ae74dbd7349fa893671ec686a5604d7cadb92bad64af3caa

  • SSDEEP

    12288:ay90rC9LBRwA4RWOoPTtaTgJPObDm0ZMa2VmQ1nzCITh:ayH/VVPTtZIdR2V51nzCIh
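Before working on a local copy of this sample it is worth confirming that the file on disk is the one the report describes. The script below is an added example, not part of the tria.ge report: it recomputes the cryptographic hashes listed above and compares them with the reported values. The path in `SAMPLE_PATH` is an assumption; SSDEEP is a fuzzy hash that needs a third-party library (ssdeep/ppdeep) and is not recomputed here.

```python
"""Check a local copy of the sample against the hashes the report lists.

Added example, not code from tria.ge. SAMPLE_PATH is an assumed default;
pass the real path as the first argument.
"""
import hashlib
import sys

# Assumed location of the downloaded sample (the report's target name).
SAMPLE_PATH = "0681f33b926858d2cd69b6366654687670b6e870fbb6e4ad01078f5c7c4181ed.bin"

# Hash values exactly as listed in the report's General section.
REPORTED = {
    "md5": "5f866f7cedb5d59148d90bc7d021ea33",
    "sha1": "9e7dd5658b0aadca261967806a6994846d7e194b",
    "sha256": "0681f33b926858d2cd69b6366654687670b6e870fbb6e4ad01078f5c7c4181ed",
    "sha512": (
        "d12af1f5401d296e858cd089031be0d604b4fd8fa3e8914e3b966d9ff008946b"
        "72c86f10806117a6ae74dbd7349fa893671ec686a5604d7cadb92bad64af3caa"
    ),
}


def compute_hashes(data, names=tuple(REPORTED)):
    """Return {algorithm: hex digest} for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in names}


def compare(data, reported=REPORTED):
    """Return {algorithm: matches?} comparing computed digests with reported ones."""
    actual = compute_hashes(data, reported.keys())
    return {name: actual[name] == reported[name].lower() for name in reported}


def verify_file(path, reported=REPORTED):
    """Hash the whole file at `path` and compare it with the reported values."""
    with open(path, "rb") as fh:
        data = fh.read()
    return compare(data, reported)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_PATH
    result = verify_file(path)
    for name, ok in result.items():
        print(f"{name}: {'OK' if ok else 'MISMATCH'}")
    # Non-zero exit makes the check usable as a gate in a triage script.
    sys.exit(0 if all(result.values()) else 1)
```

A mismatch on any algorithm means the local file is not the analysed artefact (a different build, a wrapper, or a truncated download), and the behaviour listed in this report should not be assumed for it.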

Malware Config

Targets

    • Target

      0681f33b926858d2cd69b6366654687670b6e870fbb6e4ad01078f5c7c4181ed.bin


    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
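Two of the behaviours listed above, tampering with Windows Defender real-time protection and adding a Run key, are registry writes and can be matched from registry telemetry. The script below is an added example, not code from tria.ge or from the RedLine family: it runs that detection logic over a few constructed event records written in a simplified `event_id|image|target_object|details` shape loosely modelled on Sysmon Event ID 13 (registry value set). The records, the process paths and the value name `Updater` are all constructed for illustration; the Defender policy key (`HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection`) and the `...\CurrentVersion\Run` / `RunOnce` autostart keys are the real locations.

```python
"""Flag Defender real-time protection tampering and Run-key persistence in
registry value-set events.

Added example, not part of the tria.ge report. SAMPLE_EVENTS are constructed
records in a simplified Sysmon-like shape, not output from the sample's run.
"""
import re

# Policy key under which Defender real-time protection is switched off, and
# the DWORD value names that disable it when set to 1.
DEFENDER_RTP_KEY = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.IGNORECASE)
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}

# Autostart value written under HKLM or HKCU ...\CurrentVersion\Run or RunOnce.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Constructed records: event_id|image|target_object|details.
SAMPLE_EVENTS = [
    "13|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring|DWORD (0x00000001)",
    "13|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring|DWORD (0x00000001)",
    "13|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|C:\\Users\\user\\AppData\\Roaming\\updater.exe",
    # Benign noise: an Explorer setting and Defender re-enabling itself (value 0).
    "13|C:\\Windows\\explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|DWORD (0x00000001)",
    "13|C:\\Program Files\\Windows Defender\\MsMpEng.exe|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring|DWORD (0x00000000)",
    # A key-creation event (id 12), which carries no value and is ignored.
    "12|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKCU\\Software\\Classes\\Foo|",
]


def parse_event(line):
    """Split one constructed record into its four fields."""
    event_id, image, target, details = line.split("|", 3)
    return {"event_id": int(event_id), "image": image, "target": target, "details": details}


def dword_value(details):
    """Extract the integer from a 'DWORD (0x........)' details string, else None."""
    match = re.match(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details)
    return int(match.group(1), 16) if match else None


def detect(events):
    """Return (behaviour, image, target_object) for each event matching a rule."""
    findings = []
    for ev in events:
        if ev["event_id"] != 13:  # only value-set events carry the data we need
            continue
        key_path, _, value_name = ev["target"].rpartition("\\")
        if DEFENDER_RTP_KEY.search(key_path) and value_name in DEFENDER_RTP_VALUES:
            # Only a value of 1 disables protection; 0 is Defender restoring it.
            if dword_value(ev["details"]) == 1:
                findings.append(("defender_rtp_disabled", ev["image"], ev["target"]))
        elif RUN_KEY.search(ev["target"]):
            findings.append(("run_key_persistence", ev["image"], ev["target"]))
    return findings


def run_detection(lines=SAMPLE_EVENTS):
    """Parse the records and return the findings list."""
    return detect(parse_event(line) for line in lines)


if __name__ == "__main__":
    for behaviour, image, target in run_detection():
        print(f"{behaviour}: {image} -> {target}")
```

The Run-key rule fires on any value written there, so in production it is normally paired with a process allow-list or a check on the value data (path under a user-writable directory), while the Defender rule is precise enough to alert on directly.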

MITRE ATT&CK Enterprise v6

Tasks