General

  • Target

    3161c0a02467b18f37fdad33dab0d9609eff8122ca9baf764c1269d9954fcbf7.bin

  • Size

    702KB

  • Sample

    230506-z29xnafa82

  • MD5

    5798a2661ffa445fa108eb1250c4e257

  • SHA1

    65f9c18d70aec692fc3b49ecb0f1711b0641b229

  • SHA256

    3161c0a02467b18f37fdad33dab0d9609eff8122ca9baf764c1269d9954fcbf7

  • SHA512

    6de6a333a60a3ad1e5e9abc78d086aeafd03b900d15ccf44af0481172793c897f5a46073aec4ad3522fd9cab70968db85f13494f3ebadefb9e4eb8f039074c26

  • SSDEEP

    12288:4y90pQ2oukJckcYouslkK8/I2cqTEG2do9w2YbZ3G0ZJgjhjtmRI:4y2CJqZ8AgoGlwVF7ZJgjfv

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
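The last two behaviour signatures above ("Adds Run key to start application" and "Modifies Windows Defender Real-time Protection settings") are the kind that a sandbox derives from registry-write events. The following is an added example, not tria.ge's own signature code: it parses constructed Sysmon-style "registry value set" lines (not events from this analysis) and matches them against the well-known autostart path and the documented Defender Real-Time Protection policy values. The assumption that these are the exact paths the tria.ge signatures watch is mine; the sample process name in the events is likewise made up.

```python
"""Match registry-write events against two sandbox behaviour signatures.

Added example (not tria.ge code). The events are constructed, not captured
from the analysed sample; the registry paths are the well-known ones.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Autostart locations: any value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE
)

# Defender real-time protection policy values (documented Group Policy path).
# Writing DWORD 1 to any of them disables that protection component.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableIOAVProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)

# Constructed events, one per line: process | key\value name | data written.
# Line 4 writes 0 (re-enables a component) and must NOT trigger the signature.
SAMPLE_EVENTS = """\
sample.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|C:\\Users\\Public\\upd.exe
sample.exe|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring|DWORD (0x00000001)
explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|DWORD (0x00000002)
sample.exe|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring|DWORD (0x00000000)
"""


@dataclass
class RegistryEvent:
    process: str
    target: str  # full key path including the value name
    data: str


@dataclass
class Hit:
    signature: str
    event: RegistryEvent


def parse_events(text: str) -> List[RegistryEvent]:
    """Split the pipe-delimited event lines into RegistryEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        process, target, data = line.split("|", 2)
        events.append(RegistryEvent(process, target, data))
    return events


def dword_value(data: str) -> Optional[int]:
    """Return the integer of a 'DWORD (0x...)' rendering, or None for other data."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", data)
    return int(m.group(1), 16) if m else None


def match_signatures(events: List[RegistryEvent]) -> List[Hit]:
    """Return one Hit per (event, signature) pair, in event order."""
    hits = []
    for ev in events:
        if RUN_KEY_RE.search(ev.target):
            hits.append(Hit("Adds Run key to start application", ev))
        # Only a write of 1 disables protection; a write of 0 is not tampering.
        if DEFENDER_RTP_RE.search(ev.target) and dword_value(ev.data) == 1:
            hits.append(Hit("Modifies Windows Defender Real-time Protection settings", ev))
    return hits


if __name__ == "__main__":
    for hit in match_signatures(parse_events(SAMPLE_EVENTS)):
        print(f"{hit.signature}: {hit.event.process} -> {hit.event.target} = {hit.event.data}")
```

The value check matters in practice: a policy write of 0 (or a deletion) is what a remediation script does, so a rule that fires on any touch of the Real-Time Protection key produces noise during incident cleanup.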

MITRE ATT&CK Enterprise v6