General
Target: e107e3344bd611dd7e30f3bc7f7999aff199f1dd805b2eb89da2916202625f01.bin
Size: 1.1MB
Sample: 230501-xgymsafg9s
MD5: 43bce08788e8772432a90142383a27c6
SHA1: 6dddfb9e0d5cac153438eee541744f597c46bb1e
SHA256: e107e3344bd611dd7e30f3bc7f7999aff199f1dd805b2eb89da2916202625f01
SHA512: 1f7f89a4dff677801c8b6459dba4b1a22553a5339a1d0b00ff996398dad37552ff6d5b20eedc6bca93e8fb5c4a515dd476089a973bf536347c32bc4650c6397d
SSDEEP: 24576:gySQsYlT19crjfhBYzL9uQ1/mEcrX5ZKRPiN5rUipi:nL/XzxJOE6XGRPY5gQ
Static task: static1
Behavioral task: behavioral1
Sample: e107e3344bd611dd7e30f3bc7f7999aff199f1dd805b2eb89da2916202625f01.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: e107e3344bd611dd7e30f3bc7f7999aff199f1dd805b2eb89da2916202625f01.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
-
-
Target
e107e3344bd611dd7e30f3bc7f7999aff199f1dd805b2eb89da2916202625f01.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-