General

  • Target

    069896700f5dc9d4f3944a98a786fbf709aa5ee4c3cd57846afa9fa086950a6c.bin

  • Size

    868KB

  • Sample

    230506-y3nkdadd6v

  • MD5

    f9708e5351d3eca278ff3ab3b382068d

  • SHA1

    f9dc91630caaff42de68d9e1fba1ef27429e7e96

  • SHA256

    069896700f5dc9d4f3944a98a786fbf709aa5ee4c3cd57846afa9fa086950a6c

  • SHA512

    3d9f9bd5c7a8c98d848ab24d53ae7eae1ece58e5a7f557aff904c176e61de15602434c1dcad4d9e9a395a5f9531d6fcc3bf15bcd7eda34de8e18f6768eb988e3

  • SSDEEP

    24576:Qy5ixeVzvf/8c+ot+CJTBNA3imJgfgOBoe:X5iOrcfAdlNuJg

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes
  • auth_value

    ae85b01f66afe8770afeed560513fc2d

Targets

    • Target

      069896700f5dc9d4f3944a98a786fbf709aa5ee4c3cd57846afa9fa086950a6c.bin

    • Size

      868KB

    • MD5

      f9708e5351d3eca278ff3ab3b382068d

    • SHA1

      f9dc91630caaff42de68d9e1fba1ef27429e7e96

    • SHA256

      069896700f5dc9d4f3944a98a786fbf709aa5ee4c3cd57846afa9fa086950a6c

    • SHA512

      3d9f9bd5c7a8c98d848ab24d53ae7eae1ece58e5a7f557aff904c176e61de15602434c1dcad4d9e9a395a5f9531d6fcc3bf15bcd7eda34de8e18f6768eb988e3

    • SSDEEP

      24576:Qy5ixeVzvf/8c+ot+CJTBNA3imJgfgOBoe:X5iOrcfAdlNuJg

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (skip or alter behaviour in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
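The indicators above (the shared C2 endpoint from both extracted configs, the sample hashes, and the Run-key persistence behaviour) can be turned directly into a host and network hunt. The script below is an added example written for this page; it is not part of the Triage report or of the RedLine sample. The Zeek conn.log rows, Sysmon registry events and file inventory it searches are constructed for illustration, and the Sysmon field names (Image, TargetObject, Details) and the subset of Zeek conn.log columns it reads are assumptions about how your telemetry is shaped. It generalises slightly beyond the report by also matching RunOnce keys and by grading a connection to the C2 host on a different port as lower confidence.

```python
"""Hunt for the IOCs and behaviours from the Triage report over constructed telemetry.

Added example, not code from the report or the sample. Indicators are copied from
the report above; every log line here is constructed for illustration.
"""
import csv
import re

# Indicators lifted from the report: both extracted RedLine configs share this C2.
C2_HOST = "185.161.248.73"
C2_PORT = 4164
SAMPLE_HASHES = {
    "md5": "f9708e5351d3eca278ff3ab3b382068d",
    "sha1": "f9dc91630caaff42de68d9e1fba1ef27429e7e96",
    "sha256": "069896700f5dc9d4f3944a98a786fbf709aa5ee4c3cd57846afa9fa086950a6c",
}

# Assumed subset of Zeek conn.log columns (real logs carry more; adjust to yours).
ZEEK_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]

# Constructed conn.log excerpt: one exact C2 hit, one benign flow, one host-only hit.
ZEEK_CONN = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1683369601.120000\tCk1aQ2\t10.0.0.15\t49712\t185.161.248.73\t4164\ttcp\n"
    "1683369602.004000\tCk1aQ3\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp\n"
    "1683369610.550000\tCk1aQ4\t10.0.0.22\t51002\t185.161.248.73\t80\ttcp\n"
)

# Constructed Sysmon events. EventID 13 = registry value set; 12 = key create/delete.
SYSMON_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\analyst\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\analyst\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 12, "Image": r"C:\Users\analyst\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
]

# Constructed (path, sha256) inventory; the second digest is a placeholder, not a real file hash.
FILE_INVENTORY = [
    (r"C:\Users\analyst\Downloads\invoice.exe", SAMPLE_HASHES["sha256"]),
    (r"C:\Windows\System32\notepad.exe", "a" * 64),
]

# Matches per-user and per-machine Run and RunOnce keys regardless of hive prefix.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def find_c2_connections(conn_log: str) -> list[dict]:
    """Return flows to the C2 host; exact host:port is high confidence, host-only medium."""
    rows = [ln for ln in conn_log.splitlines() if ln and not ln.startswith("#")]
    reader = csv.DictReader(rows, fieldnames=ZEEK_FIELDS, delimiter="\t")
    hits = []
    for row in reader:
        if row["id.resp_h"] != C2_HOST:
            continue
        exact_port = int(row["id.resp_p"]) == C2_PORT
        hits.append({
            "uid": row["uid"],
            "src": row["id.orig_h"],
            "dst": f'{row["id.resp_h"]}:{row["id.resp_p"]}',
            "confidence": "high" if exact_port else "medium",
        })
    return hits


def find_run_key_persistence(events: list[dict]) -> list[dict]:
    """Return value-set events (EventID 13) that write under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue  # key creation alone (EID 12) says nothing about what was written
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append({"image": ev["Image"], "key": ev["TargetObject"], "value": ev.get("Details", "")})
    return hits


def match_known_hashes(inventory: list[tuple[str, str]], algo: str = "sha256") -> list[str]:
    """Return inventory paths whose digest equals the report's hash for the given algorithm."""
    wanted = SAMPLE_HASHES[algo].lower()
    return [path for path, digest in inventory if digest.lower() == wanted]


def hunt() -> dict:
    """Run all three checks over the constructed telemetry and summarise."""
    return {
        "c2_connections": find_c2_connections(ZEEK_CONN),
        "run_key_writes": find_run_key_persistence(SYSMON_EVENTS),
        "hash_matches": match_known_hashes(FILE_INVENTORY),
    }


if __name__ == "__main__":
    for section, findings in hunt().items():
        print(f"{section}: {len(findings)} finding(s)")
        for item in findings:
            print("  ", item)
```

Two caveats when using this on real data: Sysmon has no registry read event (its registry coverage is EventID 12 key create/delete, 13 value set and 14 rename), so the "Checks computer location settings" behaviour, which is a registry lookup, will not appear in Sysmon telemetry at all and has to come from the sandbox or from ETW registry tracing; and a host-only match on 185.161.248.73 is kept at medium confidence deliberately, because RedLine operators rotate ports on a panel host, so a connection to the same address on another port is still worth a look.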
