General
Target: 14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744
Size: 1.2MB
Sample: 230505-wr7g1aca27
MD5: e6503e99a5ec0ec9c4b6ea542cce17ab
SHA1: 70a457aece1b398bdaeca23287308be4e2aa14ab
SHA256: 14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744
SHA512: daeb6385855070423785f96d9ac16790ecb2e7e4fc243851865387ac475ca30e4d6deec28a339c263e8e799936e09f670a7e440bcaf8da1d6f0405258453794b
SSDEEP: 24576:dy1G22qT4lPzFAXQSXX2cq3I0DWnJE1r8LxHlKPcnP4A:41PBMlbgv2caIKAqV8ZwP
Static task: static1
Behavioral task: behavioral1
  Sample: 14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: lofa
C2: 185.161.248.73:4164
auth_value: 3442ba767c6a30cde747101942f34a3a
Targets
Target: 14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744
Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application