Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1
-
Size
643KB
-
Sample
230505-w7zgbsfh4t
-
MD5
2cc7aa7e0168eb2592a7a8def853bfd0
-
SHA1
a24ea40f7af17ad880bb435787f2ad638f10fb0b
-
SHA256
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1
-
SHA512
8979348294d0f81fc7c650b29b2fd3a729c9106ab2a49671b4d02784b5c6711d26f7e67d9720f5265bbecbc46e86b8f701fef53c98bd3c15ccab6688243ad25c
-
SSDEEP
12288:9MrAy90hHOH8MDk19op7shYB+R8ZJHft0NdOggdOxXBCSltLA:1yfvk1OecI8r2Xy4RCSvLA
Static task
static1
Behavioral task
behavioral1
Sample
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
darm
217.196.96.56:4138
-
auth_value
d88ac8ccc04ab9979b04b46313db1648
Targets
-
-
Target
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1
-
Size
643KB
-
MD5
2cc7aa7e0168eb2592a7a8def853bfd0
-
SHA1
a24ea40f7af17ad880bb435787f2ad638f10fb0b
-
SHA256
81ffeaf62fc612b4cc4bae5ba7b6de526fd7c3b27f6507311dfeadefc63cdad1
-
SHA512
8979348294d0f81fc7c650b29b2fd3a729c9106ab2a49671b4d02784b5c6711d26f7e67d9720f5265bbecbc46e86b8f701fef53c98bd3c15ccab6688243ad25c
-
SSDEEP
12288:9MrAy90hHOH8MDk19op7shYB+R8ZJHft0NdOggdOxXBCSltLA:1yfvk1OecI8r2Xy4RCSvLA
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-