Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Lazzarus_Setup.exe
-
Size
53.2MB
-
Sample
230418-bdp1ksaf4w
-
MD5
2ad6b36a0c48ca740b6d5c8f3c988ece
-
SHA1
86d8ba6c8f6b4f226ab57376d4d2f944cba0c075
-
SHA256
2bb8fe909426c314cb93c573b4e4230fa8c6649f2862d2cacca751e7998302d0
-
SHA512
b30e6d6b8aa341d02ee9240e6b9030b4a0fb0609b67e7ea5ac8a27c1814c4790e66694887795a40378ef0687e4d78046e3cb113767b1afba33d8adeb028e06ca
-
SSDEEP
1572864:CZikz7kZQ0IWFSZhqGJlwRoEpG1wEArR7MCh7:k/kZQfDqGJlwRoh1oFICh7
Static task
static1
Behavioral task
behavioral1
Sample
Lazzarus_Setup.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
Lazzarus_Setup.exe
Resource
win7-20230220-en
Behavioral task
behavioral3
Sample
Lazzarus_Setup.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Lazzarus_Setup.exe
-
Size
53.2MB
-
MD5
2ad6b36a0c48ca740b6d5c8f3c988ece
-
SHA1
86d8ba6c8f6b4f226ab57376d4d2f944cba0c075
-
SHA256
2bb8fe909426c314cb93c573b4e4230fa8c6649f2862d2cacca751e7998302d0
-
SHA512
b30e6d6b8aa341d02ee9240e6b9030b4a0fb0609b67e7ea5ac8a27c1814c4790e66694887795a40378ef0687e4d78046e3cb113767b1afba33d8adeb028e06ca
-
SSDEEP
1572864:CZikz7kZQ0IWFSZhqGJlwRoEpG1wEArR7MCh7:k/kZQfDqGJlwRoh1oFICh7
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-