General
- Target: 0ad26d3093034b50faa90c4e7f0f2f2c1bce0efde5bc07620895f69bb70e9c1c
- Size: 1.2MB
- Sample: 230506-y6yjrabd99
- MD5: 2119a2204db38869a011c9cdd026f024
- SHA1: 1fda8a77a79caa0e8d3e6510928f0deef54560f6
- SHA256: 0ad26d3093034b50faa90c4e7f0f2f2c1bce0efde5bc07620895f69bb70e9c1c
- SHA512: 46c4e1ae21b607d36a6ad25f5cd897e878b169c85f9858646434b872a027ef586a80e66f20ebd739076def2aea32cdc0c54c11f767e82c170eb0c85ff4e2149c
- SSDEEP: 24576:iyJ9LQISUdMNRkSp+6Z7SjBGnbQEsfQzFinveTn+dX8DfE:JHLQdUYRqI0BobQViiveD+If
Static task: static1
Behavioral task: behavioral1
- Sample: 0ad26d3093034b50faa90c4e7f0f2f2c1bce0efde5bc07620895f69bb70e9c1c.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 0ad26d3093034b50faa90c4e7f0f2f2c1bce0efde5bc07620895f69bb70e9c1c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline / luna
- 217.196.96.56:4138
- auth_value: 16dec8addb01db1c11c59667022ef7a2
Extracted: redline / boom
- 217.196.96.56:4138
- auth_value: 1ce6aebe15bac07a7bc88b114bc49335
Extracted: amadey / 3.70
- 212.113.119.255/joomla/index.php
Targets
- Target: 0ad26d3093034b50faa90c4e7f0f2f2c1bce0efde5bc07620895f69bb70e9c1c (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application