Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa.bin

  • Size

    930KB

  • Sample

    230505-ykzvpacg7s

  • MD5

    198488ccbd6bf1eb1e2627642659dfd1

  • SHA1

    5a2433a2ace450f461b301d8e3b14c44edaac8c9

  • SHA256

    d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa

  • SHA512

    c960031346f661955add5bd07f9b480a3fccba1feb6b2799113de31de0459e21f8bef8b8312b2a039b46ce346fc75c455f1f15dda479aa4bc0e3b0008f09d397

  • SSDEEP

    12288:ey90o5CSbqTYixb2gPny9W58Z/42fKOtNKEAFOO9ncxXaAmztd9ffBE0BpJC5yyg:eytXqNJbqJRBt8l9nchaL9REIZll

Malware Config

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes
  • auth_value

    ae85b01f66afe8770afeed560513fc2d

Targets

    • Target

      d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa.bin

    • Size

      930KB

    • MD5

      198488ccbd6bf1eb1e2627642659dfd1

    • SHA1

      5a2433a2ace450f461b301d8e3b14c44edaac8c9

    • SHA256

      d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa

    • SHA512

      c960031346f661955add5bd07f9b480a3fccba1feb6b2799113de31de0459e21f8bef8b8312b2a039b46ce346fc75c455f1f15dda479aa4bc0e3b0008f09d397

    • SSDEEP

      12288:ey90o5CSbqTYixb2gPny9W58Z/42fKOtNKEAFOO9ncxXaAmztd9ffBE0BpJC5yyg:eytXqNJbqJRBt8l9nchaL9REIZll

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks