General

  • Target

    ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4.bin

  • Size

    1.3MB

  • Sample

    230505-ya273ahg84

  • MD5

    206ff68bf7248dc0b6f4bf2c25a23f04

  • SHA1

    4f1580cb9f897adbf057e6915a20a79390691af7

  • SHA256

    ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4

  • SHA512

    3f3a6eb641e1cfe2be6529170d3ea7e89f3ba8a00348c6a07f1640f26bf8f03795a8f734c81a4d360c0579bf45cd7b63b9bb6c6adbf1d2c723a5cc8ed48bc32e

  • SSDEEP

    24576:FyEmZUMhILnvtFsWNX3gLZctPqYxGNKxerEgYwRmz2zu4Z7m:gpqMhIbvtDNng9cFqYOsoEgIz2zBZ

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
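The extracted config (C2 at 185.161.248.73:4164) and the behaviours listed above translate directly into host-based hunting logic. The following Python is an added example, not part of the Triage report or of RedLine itself: it correlates constructed Sysmon-style events (FileCreate, ProcessCreate, ImageLoad, RegistryEvent value-set, NetworkConnect) to flag execution and loading of dropped files, Defender real-time protection tampering, Run-key persistence and the C2 socket. The registry value names, file paths and event records are assumptions made for illustration; the report does not state which values the sample wrote or where it dropped files.

```python
"""Hunt for the behaviours this report lists over constructed Sysmon-style
events. Added example: not Triage's detection logic, and every event record
below is made up for illustration."""
from dataclasses import dataclass
from typing import Dict, List

# Taken from the report's Malware Config section.
C2_HOST, C2_PORT = "185.161.248.73", 4164

# Well-known registry locations behind two of the report's signatures
# (lower-cased key suffixes). Assumed targets: the report does not say
# which values the sample actually set.
DEFENDER_RTP = "\\microsoft\\windows defender\\real-time protection"
RUN_KEY = "\\microsoft\\windows\\currentversion\\run"


@dataclass
class Event:
    event_id: int           # Sysmon EventID (1, 3, 7, 11, 13)
    image: str              # Image: the process that performed the action
    data: Dict[str, str]    # the remaining Sysmon fields the rule needs


def hunt(events: List[Event]) -> Dict[str, List[str]]:
    """Map each matched signature name to the evidence strings behind it."""
    hits: Dict[str, List[str]] = {}
    dropped: Dict[str, str] = {}  # lower-cased path -> process that wrote it

    def add(sig: str, evidence: str) -> None:
        hits.setdefault(sig, []).append(evidence)

    for ev in events:
        d = ev.data
        if ev.event_id == 11:  # FileCreate: remember what each process drops
            dropped[d["TargetFilename"].lower()] = ev.image
        elif ev.event_id == 1:  # ProcessCreate of a path seen dropped earlier
            if d["Image"].lower() in dropped:
                add("Executes dropped EXE", f"{ev.image} -> {d['Image']}")
        elif ev.event_id == 7:  # ImageLoad of a path seen dropped earlier
            if d["ImageLoaded"].lower() in dropped:
                add("Loads dropped DLL", f"{ev.image} loads {d['ImageLoaded']}")
        elif ev.event_id == 13:  # RegistryEvent: a value was set
            obj = d["TargetObject"]
            key, _, value = obj.lower().rpartition("\\")
            # Defender policy values named Disable* set to DWORD 1 turn a
            # real-time protection feature off.
            if (key.endswith(DEFENDER_RTP) and value.startswith("disable")
                    and d["Details"] == "DWORD (0x00000001)"):
                add("Modifies Windows Defender Real-time Protection settings",
                    f"{obj} = {d['Details']}")
            if key.endswith(RUN_KEY):
                add("Adds Run key to start application", f"{obj} = {d['Details']}")
        elif ev.event_id == 3:  # NetworkConnect to the extracted C2 socket
            if d["DestinationIp"] == C2_HOST and int(d["DestinationPort"]) == C2_PORT:
                add("Connects to RedLine C2", f"{ev.image} -> {C2_HOST}:{C2_PORT}")
    return hits


# Constructed event stream: all paths, the SID and the value names are made up.
SAMPLE = "C:\\Users\\user\\Desktop\\sample.exe"
DROP_EXE = "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"
DROP_DLL = "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"
USER_HIVE = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
DEFENDER_VALUE = ("HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
                  "Real-Time Protection\\DisableRealtimeMonitoring")

SAMPLE_EVENTS = [
    Event(11, SAMPLE, {"TargetFilename": DROP_EXE}),
    Event(11, SAMPLE, {"TargetFilename": DROP_DLL}),
    Event(13, SAMPLE, {"TargetObject": DEFENDER_VALUE, "Details": "DWORD (0x00000001)"}),
    Event(13, SAMPLE, {"TargetObject": USER_HIVE + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
                       "Details": DROP_EXE}),
    Event(1, SAMPLE, {"Image": DROP_EXE}),
    Event(7, DROP_EXE, {"ImageLoaded": DROP_DLL}),
    Event(3, DROP_EXE, {"DestinationIp": "185.161.248.73", "DestinationPort": "4164"}),
    # Benign noise that must not match: Explorer toggling a view setting and
    # the dropped EXE loading a system DLL that was never dropped.
    Event(13, "C:\\Windows\\explorer.exe",
          {"TargetObject": USER_HIVE + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
           "Details": "DWORD (0x00000001)"}),
    Event(7, DROP_EXE, {"ImageLoaded": "C:\\Windows\\System32\\ws2_32.dll"}),
]

if __name__ == "__main__":
    for sig, evidence in hunt(SAMPLE_EVENTS).items():
        print(f"[{sig}]")
        for line in evidence:
            print("   ", line)
```

Sysmon logs registry value writes (Event ID 13) but not reads, so the geofence lookup under Control Panel\International\Geo\Nation that the "Checks computer location settings" signature describes is invisible to this kind of hunt; a sandbox API trace or registry object-access auditing (Security event 4663) is needed to see it. Matching the Defender key only on Disable* values set to 1 keeps legitimate policy changes that re-enable protection (value 0) from firing.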

MITRE ATT&CK Enterprise v6

Tasks