Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99
-
Size
710KB
-
Sample
230505-w7xmqsdg66
-
MD5
b108ef17051c605f9e057361b14f4928
-
SHA1
454d069b87aca9895bddd840e2b60f47ee2fa83a
-
SHA256
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99
-
SHA512
aca77a8cff8b72d6a905a2e700fee4c53af6835187d54cae6ed08beb06f6773b6a199008024e0b6460803b586a33309034860d035f0e074fcf4f1cd51356afa9
-
SSDEEP
12288:nMr7y90xj+kGhgAKRExSWNemWjFOE/88v2sLz3n9RZbXVVeRQzhs0J:8yKx4gAUAda1d24z3n9RZRIRHI
Static task
static1
Behavioral task
behavioral1
Sample
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99
-
Size
710KB
-
MD5
b108ef17051c605f9e057361b14f4928
-
SHA1
454d069b87aca9895bddd840e2b60f47ee2fa83a
-
SHA256
812f21d5dbc184f75b9524cdbc1cb0b9ce5c72871a907a964bd9ec9539e65b99
-
SHA512
aca77a8cff8b72d6a905a2e700fee4c53af6835187d54cae6ed08beb06f6773b6a199008024e0b6460803b586a33309034860d035f0e074fcf4f1cd51356afa9
-
SSDEEP
12288:nMr7y90xj+kGhgAKRExSWNemWjFOE/88v2sLz3n9RZbXVVeRQzhs0J:8yKx4gAUAda1d24z3n9RZRIRHI
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-