General

  • Target

    075447ce64e305c8bb32c41a2cf5102f55803f76a2e6b52df991c489b01f9e82

  • Size

    479KB

  • Sample

    230506-2pmygaff5x

  • MD5

    5577147c5b1aa1dd66b5b84982cf3ac8

  • SHA1

    e4ab9506f13992d220905a63757b9e2c8b620cff

  • SHA256

    075447ce64e305c8bb32c41a2cf5102f55803f76a2e6b52df991c489b01f9e82

  • SHA512

    b1b9d057d9ea4a45fb7f27a6ac0a6450f9f4ddfbcfbeb47e4b46a8b4e81add0236b10f128af19d7b15094834eb959691dfc71a53e01f007c4ca4b85cd0a588ab

  • SSDEEP

    12288:GMrfy90tmBpUQZuTzDMoDYmO6aW81OGDXGmRvJURd0uO+i:ByxpZZuIIWTh1OUWrdli

Malware Config

Targets

    • Target

      075447ce64e305c8bb32c41a2cf5102f55803f76a2e6b52df991c489b01f9e82

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
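
Two of the behaviours the report flags for this sample, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are registry writes, so they can be caught in host telemetry independently of the sandbox. The script below is an added example and is not Triage's own signature logic: it scans Sysmon RegistryEvent (Value Set, Event ID 13) records for a write that sets one of Defender's real-time protection "Disable*" values to 1 (under either the product key or the Group Policy key) and for any new value under a Run or RunOnce key. The flat `Key=Value|Key=Value` line format and the sample events are constructed for illustration; the registry paths and value names are the real Windows locations.

```python
"""Detect two behaviours this report lists, Defender real-time protection
tampering and Run-key persistence, in Sysmon registry "value set" events.

Added example; not Triage's signature code.  The event lines are constructed
for illustration (a flat Key=Value|Key=Value rendering of Sysmon fields);
the registry paths and value names are the real Windows locations."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Defender honours these under its product key and under the Group Policy key.
# A DWORD of 1 disables the named protection; writing 0 re-enables it.
DEFENDER_RTP_KEYS = (
    r"software\microsoft\windows defender\real-time protection",
    r"software\policies\microsoft\windows defender\real-time protection",
)
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Per-user (HKU\<SID>) or machine (HKLM) Run / RunOnce, including the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$",
    re.IGNORECASE,
)

RULE_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
RULE_RUN_KEY = "Adds Run key to start application"


@dataclass
class Finding:
    rule: str
    image: str
    target: str
    details: str


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=Value|Key=Value' into a dict (constructed flat format)."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def dword(details: str) -> Optional[int]:
    """Sysmon renders REG_DWORD data as 'DWORD (0x00000001)'."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details)
    return int(m.group(1), 16) if m else None


def analyse(line: str) -> Optional[Finding]:
    ev = parse_event(line)
    if ev.get("EventID") != "13":          # 13 = RegistryEvent (Value Set)
        return None
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "")
    key, _, value = target.lower().rpartition("\\")
    if any(key.endswith(k) for k in DEFENDER_RTP_KEYS) and value in DEFENDER_RTP_VALUES:
        if dword(details) == 1:            # only a write that disables protection counts
            return Finding(RULE_DEFENDER, ev.get("Image", ""), target, details)
        return None                        # value set back to 0: not tampering
    if RUN_KEY_RE.search(target):
        return Finding(RULE_RUN_KEY, ev.get("Image", ""), target, details)
    return None


def scan(lines: List[str]) -> List[Finding]:
    return [f for f in (analyse(line) for line in lines) if f is not None]


# Constructed Sysmon-style events: a dropped EXE in %TEMP% disables real-time
# monitoring and registers itself under the user's Run key; the last two are
# noise (the same value written back to 0, and a non-registry event).
SAMPLE_EVENTS = [
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000001)",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"
    "|TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\update.exe",
    "EventID=13|Image=C:\\Program Files\\Windows Defender\\MsMpEng.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000000)",
    "EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"
    "|CommandLine=update.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image} -> {f.target} = {f.details}")
```

Only a write that sets a Defender value to 1 is reported, so a product or policy write that restores the default is not flagged; the Run-key rule, by contrast, fires on any new value because legitimate installers and malware use the same key and the image path is what an analyst will triage on.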

MITRE ATT&CK Enterprise v6

Tasks