General

  • Target: 39755ae8c632c5b46f0a5f1ed5c40508d13594889387e246302f3ef6576552cb.bin
  • Size: 747KB
  • Sample: 230506-z8r1eshg6w
  • MD5: 8dd5da27707c53b6acf8484d46dd4d92
  • SHA1: 6ed443bd9a356033531cb51d10e4bcc28763a06f
  • SHA256: 39755ae8c632c5b46f0a5f1ed5c40508d13594889387e246302f3ef6576552cb
  • SHA512: aad2f44870ef31f528fff29f386a8ce4ae80b50621f5568b20d1ad4f27a88cca9a7eabf5860f5ec9dfec38e2347330b632eb9994768759e06657ea9f46f43850
  • SSDEEP: 12288:hy90Hh6UtNuE8UtcKmHwGvvyrUGayqmG+MBYaTqbL4wr2fLCo7HPxsc:hyu48oakQGCrfapYaGbLZseC7

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks