Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d
-
Size
479KB
-
Sample
230505-ytbjfsbe37
-
MD5
12b434b14f0b99a862f43c64ace41124
-
SHA1
6e6a1d8470622c4f3a21dddfca13b27ffe9446ad
-
SHA256
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d
-
SHA512
de361f943abd39064556536e46b6caa049388d24c21544934332a0b03614e0c255e6fb4ede163e5faa282f3b6eddb3040471a5e9354bf4a4a9009b993ebac2c9
-
SSDEEP
12288:pMr+y90LU+bWrT3zAE8aF01eMTzkVJWPVJ2:vyj+bA7z1W1eIzPVU
Static task
static1
Behavioral task
behavioral1
Sample
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d
-
Size
479KB
-
MD5
12b434b14f0b99a862f43c64ace41124
-
SHA1
6e6a1d8470622c4f3a21dddfca13b27ffe9446ad
-
SHA256
dff289a0a6c872d0b7fdc8abc1bae9663fa7d696dd77107f43bc4b6fb1fb3e9d
-
SHA512
de361f943abd39064556536e46b6caa049388d24c21544934332a0b03614e0c255e6fb4ede163e5faa282f3b6eddb3040471a5e9354bf4a4a9009b993ebac2c9
-
SSDEEP
12288:pMr+y90LU+bWrT3zAE8aF01eMTzkVJWPVJ2:vyj+bA7z1W1eIzPVU
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-