Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
IContratoQK.msi.bin
-
Size
6.9MB
-
Sample
230505-zjec2aea37
-
MD5
923ec566997f9c002d9cf7397c79eb4a
-
SHA1
2bea51e5e6ab96a4669e34a903e30a4b97580e46
-
SHA256
9fb4b0494ce8e71c1af8bc538895731ea6da666d8efe405182baa3328aff9966
-
SHA512
79b1f04d66d1a2b237d57c2f341dbec2e2c41df8089ef38f1f402e6b77d91224a620b6c6c424742d7f7460f5fe60aaaaaed3e3020376d514eb49df2b56eb6e35
-
SSDEEP
196608:vSc73CzEFE2cseSF2fFpuUaMo8zcdKmGZA+:KI3CzSE2BXFBUaw9/
Static task
static1
Behavioral task
behavioral1
Sample
IContratoQK.msi
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
IContratoQK.msi
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
IContratoQK.msi.bin
-
Size
6.9MB
-
MD5
923ec566997f9c002d9cf7397c79eb4a
-
SHA1
2bea51e5e6ab96a4669e34a903e30a4b97580e46
-
SHA256
9fb4b0494ce8e71c1af8bc538895731ea6da666d8efe405182baa3328aff9966
-
SHA512
79b1f04d66d1a2b237d57c2f341dbec2e2c41df8089ef38f1f402e6b77d91224a620b6c6c424742d7f7460f5fe60aaaaaed3e3020376d514eb49df2b56eb6e35
-
SSDEEP
196608:vSc73CzEFE2cseSF2fFpuUaMo8zcdKmGZA+:KI3CzSE2BXFBUaw9/
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-