General

  • Target

    2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf.bin

  • Size

    1.1MB

  • Sample

    230506-zzr9tseg45

  • MD5

    ad246420edbfa3b201927609651d8cc3

  • SHA1

    1837216d45093adc537c8327223b8e806c69c198

  • SHA256

    2dc744e64d4b1b9e4dfe408579228b90be28484abb9c59ea326269cb11e315cf

  • SHA512

    2d5dc85b80321cde2986031ffcbc7099d86608a0c33690c38b795737ad0157a5b0af4ecaad77544d8730d4972f80423c80a5d43f41280f1c676f5fdeade65120

  • SSDEEP

    24576:+y+NTfwOGYi5Md+QyWV1OW4ediXd6Frj8bj/ke:N+NTfw49jygOW4ednrIX

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
