General

  • Target

    06dde7c50269c70b91806f90c5b2438e4edcbf645f733349d452def46bdf7bf8.bin

  • Size

    747KB

  • Sample

    230506-2nx22sdf72

  • MD5

    bf11028a9e04429e455cf58ded552c33

  • SHA1

    56ab4b5e04bc8974db09cace011dbf6bf14d7ec8

  • SHA256

    06dde7c50269c70b91806f90c5b2438e4edcbf645f733349d452def46bdf7bf8

  • SHA512

    351a3aa741f3e5169347971c4717a30261302baa4b309d9a8aaf5f730d239d66af4f380e21f0aefee7752a43eb88f39193450a31cf353591ffeccd5726d8428d

  • SSDEEP

    12288:Jy90CSWL2KN4I/DL9C3kb8tzqbMIPV4wuP9FUGiARO9RYBtAmXuSLdMid1lCG:JyzSW6g/9CUb8tzq4IPVK9F9ipoAmXzj

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
