Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de
-
Size
480KB
-
Sample
230505-w47crsfd9v
-
MD5
d954057442dfe125e857caccc9854045
-
SHA1
86dd6034712a5517ee90210f650eec767ca38318
-
SHA256
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de
-
SHA512
6a6d83fff3cd7f2a842147eac73ca7a271cd13ad1c7a154d4600cda9d7c2369e2b087b4f1e4630a43c856c3ba2a558f05863e67abfb5222b0f30286ead8fc5cb
-
SSDEEP
6144:Kfy+bnr+2p0yN90QERTEBKT4qvsbJEOA7RZLIgRv/gBVF91MkMvzdTMo2za8Ud7Z:RMr2y90N0z2Ovbj9+kc0VUdRnU+
Static task
static1
Behavioral task
behavioral1
Sample
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de
-
Size
480KB
-
MD5
d954057442dfe125e857caccc9854045
-
SHA1
86dd6034712a5517ee90210f650eec767ca38318
-
SHA256
6abcb4a7df9c0e2acf88ec8741733fb98170d2c4b92d6a2291744683469d70de
-
SHA512
6a6d83fff3cd7f2a842147eac73ca7a271cd13ad1c7a154d4600cda9d7c2369e2b087b4f1e4630a43c856c3ba2a558f05863e67abfb5222b0f30286ead8fc5cb
-
SSDEEP
6144:Kfy+bnr+2p0yN90QERTEBKT4qvsbJEOA7RZLIgRv/gBVF91MkMvzdTMo2za8Ud7Z:RMr2y90N0z2Ovbj9+kc0VUdRnU+
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-