Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    139ba7e1a5a9ade60989b7f5706ca4c955b3f8b9319b55ba1fafe5ca853d7b06.bin

  • Size

    1.1MB

  • Sample

    230506-zddvbacc72

  • MD5

    41b73dff8d93877bdd2086f92bf0dfa1

  • SHA1

    f094b68ee9cd1b107e3d911b8cb7a2102f77283d

  • SHA256

    139ba7e1a5a9ade60989b7f5706ca4c955b3f8b9319b55ba1fafe5ca853d7b06

  • SHA512

    aeda2b7f9b1799756070fc3954bd9ae7c03ac2f69dbdb269f33c24c982f1b4cd705f810bca0b6d6d4fbbd691e43d50fda4b94f653977f6b1ee19d5648e363eb1

  • SSDEEP

    24576:vycLG6X0dygp8crJqXQ3VqMjl6Fa78b8SZUZkby:6JCI8crkEF8agwub

Malware Config

Targets

    • Target

      139ba7e1a5a9ade60989b7f5706ca4c955b3f8b9319b55ba1fafe5ca853d7b06.bin

    • Size

      1.1MB

    • MD5

      41b73dff8d93877bdd2086f92bf0dfa1

    • SHA1

      f094b68ee9cd1b107e3d911b8cb7a2102f77283d

    • SHA256

      139ba7e1a5a9ade60989b7f5706ca4c955b3f8b9319b55ba1fafe5ca853d7b06

    • SHA512

      aeda2b7f9b1799756070fc3954bd9ae7c03ac2f69dbdb269f33c24c982f1b4cd705f810bca0b6d6d4fbbd691e43d50fda4b94f653977f6b1ee19d5648e363eb1

    • SSDEEP

      24576:vycLG6X0dygp8crJqXQ3VqMjl6Fa78b8SZUZkby:6JCI8crkEF8agwub

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks