General

  • Target: 13c6fa0f88658b1910b7d533f0d4fda014977b845ecb302952cd8c3e3e8b8823.bin
  • Size: 1.1MB
  • Sample: 230506-zdhs9scc85
  • MD5: 1aa276635a4f279f87a6815eeb71f8a7
  • SHA1: 9cc7e4f893bca28687783b770885768909fab4f9
  • SHA256: 13c6fa0f88658b1910b7d533f0d4fda014977b845ecb302952cd8c3e3e8b8823
  • SHA512: 99441e298db9bbd895a8c00c2abed1649908ce9f51a315c25e5b04428bd43addae0723d34edc2d250378bbcacfa57712d577839809758ec0e8b6d485be3a2f60
  • SSDEEP: 24576:xyiwLPne/BWcVoN05TMf3UjSxbfkooXEQypVb6FGZ8bjVJBraj:kFne/EcVoNu1jSmlEfSGOXjB

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks