General
- Target: 64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8
- Size: 587KB
- Sample: 230505-w4jlpsfd3y
- MD5: fbf537cc0ac02ea7aa7aa5bc0671863f
- SHA1: 884c98ee8b72763589a0d806da6d678710993943
- SHA256: 64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8
- SHA512: 6314170c1df6c87aa8731dd1eb553e8a5e21b547273bbb0c3cee40d4da5391f201c753057e7f4c15e7a06a0bb0f485bfa213b44a01085a7899d730e0d9f3d605
- SSDEEP: 12288:uMrFy90yalWUP2uJvwRLIrMfccbPLACo34kbe:zyAzPnaRL7fVbPU1C
Static task: static1
Behavioral task: behavioral1
- Sample: 64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- daris
- 217.196.96.56:4138
- auth_value: 3491f24ae0250969cd45ce4b3fe77549
Targets
- Target: 64bc5be8e323b038ba78d702390c12aa4ddfa3f34afd515a61ede1833a2741a8
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.