General

  • Target

    4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c

  • Size

    480KB

  • Sample

    230506-1h113sgh49

  • MD5

    68f1e9940eca94eae5afc7262020ac89

  • SHA1

    5bb896f17d17608e9849606e191ade4b254538f4

  • SHA256

    4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c

  • SHA512

    27db8e0b5074df81034431c2379730085b5cade901449b8c06a176f7381f1ae1df8f86b9b75f1abc348ea6d5c7d33619feecb819573e5521adca78c41930d71a

  • SSDEEP

    6144:KHy+bnr+/up0yN90QEKLhxkL4Q5xCW6Rd7HDByt7mne+kMt4+wDri20ET2gDmAbT:tMrIvy90cYJ5xuRdbcOthwy2wgX3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c
    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application