
General

  • Target: 225db0cc57c434d2e2f5a24f25af3bf4016c517554f850ddb62c7c4bbed1cc8e.bin
  • Size: 644KB
  • Sample: 230506-zr4ynadg84
  • MD5: 082ca37c390cb30aa276101593b490a3
  • SHA1: df5d4ea1b25f1906325cfe1b948750f6f32fac9d
  • SHA256: 225db0cc57c434d2e2f5a24f25af3bf4016c517554f850ddb62c7c4bbed1cc8e
  • SHA512: d3793a75f4ca524b50ddc2d7c33abb2057ea5e073297d48e9f9bcd9119716e2745b18cdf1800525b20da3447bd08bbdf9e5a24c26271184248497582a512718c
  • SSDEEP: 12288:Ay90tLO46ghtu1HFBA5GvJYcniIVdUNBqIjuBNBfyUmrPjC0:Ayyan1TJJYcTdUPPPvjB

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks