General

  • Target

    302194ebde87a29004db7110ed3d44d2df485125376e9c49660089397933b981.bin

  • Size

    752KB

  • Sample

    230506-z2h4yaha5v

  • MD5

    1a19b9ee8370cd15514ed2b65076c96a

  • SHA1

    99ddc12f7c68d0192e08583b0d610b6d4e959e79

  • SHA256

    302194ebde87a29004db7110ed3d44d2df485125376e9c49660089397933b981

  • SHA512

    f5a47a403d12a86ddf9256dd91cea074898f929bf65ce405ae6c4ff7421af5fac811446132226088d60dc0850079769885f3f5ce3b78e6d750328af1dd153c14

  • SSDEEP

    12288:Zy908FlsPgv88KPOOD/by6TjYW/8xd3UDWb6VvqmIXk:ZyxwDpDWUD/ulUSC1IXk

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
