General

  • Target

    1f271567be6e1d3ef6edb068a3afb6f3de43076b906d28cb9466e55e400ab54f.bin

  • Size

    685KB

  • Sample

    230506-znpdssfe3w

  • MD5

    a535488d1208eb430fef9fa3ccf1f6e8

  • SHA1

    ee7607dd58e4655c4a33eb1b1cf3eb31fd7a2fdf

  • SHA256

    1f271567be6e1d3ef6edb068a3afb6f3de43076b906d28cb9466e55e400ab54f

  • SHA512

    b6161d268bd6038dd2791b8c573dd2620e35ba42e6f0969e4e9c3266d648a3f1cfd73907691e4d1cc2c9798779bfe705ea998505573d4531d2d0caf315b6cbe0

  • SSDEEP

    12288:py902dT4IOxGBG+RVVlMFWyCSKVx5mKZbkNDWYmXZ5Sy8r/3A6Hyd7h:pybdEIOQdMoSy3mLWrXPSbwmWh

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks