Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4.bin
-
Size
1.3MB
-
Sample
230505-ya273ahg84
-
MD5
206ff68bf7248dc0b6f4bf2c25a23f04
-
SHA1
4f1580cb9f897adbf057e6915a20a79390691af7
-
SHA256
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4
-
SHA512
3f3a6eb641e1cfe2be6529170d3ea7e89f3ba8a00348c6a07f1640f26bf8f03795a8f734c81a4d360c0579bf45cd7b63b9bb6c6adbf1d2c723a5cc8ed48bc32e
-
SSDEEP
24576:FyEmZUMhILnvtFsWNX3gLZctPqYxGNKxerEgYwRmz2zu4Z7m:gpqMhIbvtDNng9cFqYOsoEgIz2zBZ
Static task
static1
Behavioral task
behavioral1
Sample
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Targets
-
-
Target
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4.bin
-
Size
1.3MB
-
MD5
206ff68bf7248dc0b6f4bf2c25a23f04
-
SHA1
4f1580cb9f897adbf057e6915a20a79390691af7
-
SHA256
ca8bccb8377cde1a2c83b3c5a738922fb912963b66e8ffe56853517fb91189d4
-
SHA512
3f3a6eb641e1cfe2be6529170d3ea7e89f3ba8a00348c6a07f1640f26bf8f03795a8f734c81a4d360c0579bf45cd7b63b9bb6c6adbf1d2c723a5cc8ed48bc32e
-
SSDEEP
24576:FyEmZUMhILnvtFsWNX3gLZctPqYxGNKxerEgYwRmz2zu4Z7m:gpqMhIbvtDNng9cFqYOsoEgIz2zBZ
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-