Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30
-
Size
794KB
-
Sample
230501-zyw7dsae8t
-
MD5
fae553705958b46d8114557115cc3d87
-
SHA1
81fc9c3d22adc12696f159b97181ae8de34ee047
-
SHA256
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30
-
SHA512
b418eb01ec5331adf8a3675d87f1d26d5fe9b4704665e91eb36f9c0f5eef8b84bbd19b6c80cda5360ec91519ea73e69a2e0b0eba272e3c64d4f2ea8d1ee579d4
-
SSDEEP
12288:ey90f8YlxtrgUIT3f8HT3m5quo4qy+duGgJQ9DHcyfUqmdtbBlj:eyCxtEMahGVD9ZUq8tL
Static task
static1
Behavioral task
behavioral1
Sample
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30.exe
Resource
win7-20230220-en
Behavioral task
behavioral3
Sample
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dork
185.161.248.73:4164
-
auth_value
e81be7d6cfb453cc812e1b4890eeadad
Targets
-
-
Target
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30
-
Size
794KB
-
MD5
fae553705958b46d8114557115cc3d87
-
SHA1
81fc9c3d22adc12696f159b97181ae8de34ee047
-
SHA256
4995f30f4b777655dd0aa5dcb9a2a6e867df99a39b43a48a9f4a19a90be66b30
-
SHA512
b418eb01ec5331adf8a3675d87f1d26d5fe9b4704665e91eb36f9c0f5eef8b84bbd19b6c80cda5360ec91519ea73e69a2e0b0eba272e3c64d4f2ea8d1ee579d4
-
SSDEEP
12288:ey90f8YlxtrgUIT3f8HT3m5quo4qy+duGgJQ9DHcyfUqmdtbBlj:eyCxtEMahGVD9ZUq8tL
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-