General
Target: d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa.bin
Size: 930KB
Sample: 230505-ykzvpacg7s
MD5: 198488ccbd6bf1eb1e2627642659dfd1
SHA1: 5a2433a2ace450f461b301d8e3b14c44edaac8c9
SHA256: d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa
SHA512: c960031346f661955add5bd07f9b480a3fccba1feb6b2799113de31de0459e21f8bef8b8312b2a039b46ce346fc75c455f1f15dda479aa4bc0e3b0008f09d397
SSDEEP: 12288:ey90o5CSbqTYixb2gPny9W58Z/42fKOtNKEAFOO9ncxXaAmztd9ffBE0BpJC5yyg:eytXqNJbqJRBt8l9nchaL9REIZll
Static task: static1
Behavioral task: behavioral1
  Sample: d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: d5bcbf7a78cb04f57a934e02be485bba2c42e53e9f82ec44c88a1c8369b97baa.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
dark
185.161.248.73:4164
auth_value: ae85b01f66afe8770afeed560513fc2d
Targets
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application