General

  • Target

    4090943b969146fec91fcfb0a8336375905fd4503d03854183781347a9309dfa

  • Size

    794KB

  • Sample

    230506-1dvcqsad2s

  • MD5

    2e2cb94c52f219949afac7147e5c52ac

  • SHA1

    ca2b5d00dbfacf16e4a5c6a876a59dc60231de1e

  • SHA256

    4090943b969146fec91fcfb0a8336375905fd4503d03854183781347a9309dfa

  • SHA512

    8e2f9ac1d8f0ce9d80ebf5e765e3f2921225087c1bbea462c33c1bb3c0e8c818bd9a44b6085be4460001a2d7d96abecd039c52bd49ec5c14dd1ddeb533acf465

  • SSDEEP

    24576:9y/3TbGwAOwpfYyg4GiQBOE1JlhgB7P7:YfTbGHnpfNGLOEvlhy

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

danko

C2

185.161.248.73:4164

Attributes

  • auth_value

    784d42a6c1eb1a5060b8bcd3696f5f1e

Targets

    • Target

      4090943b969146fec91fcfb0a8336375905fd4503d03854183781347a9309dfa

    • Size

      794KB

    • MD5

      2e2cb94c52f219949afac7147e5c52ac

    • SHA1

      ca2b5d00dbfacf16e4a5c6a876a59dc60231de1e

    • SHA256

      4090943b969146fec91fcfb0a8336375905fd4503d03854183781347a9309dfa

    • SHA512

      8e2f9ac1d8f0ce9d80ebf5e765e3f2921225087c1bbea462c33c1bb3c0e8c818bd9a44b6085be4460001a2d7d96abecd039c52bd49ec5c14dd1ddeb533acf465

    • SSDEEP

      24576:9y/3TbGwAOwpfYyg4GiQBOE1JlhgB7P7:YfTbGHnpfNGLOEvlhy

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks