General
Target: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
Size: 1.4MB
Sample: 230506-ywswhscg3t
MD5: 36afbedc4aea6e680097c7134f721b05
SHA1: 681c0686d82b3050adcb1cda99ad79a3d46e23be
SHA256: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
SHA512: 9b9ab7a650db6dc5ea5912e1527a41b87e254b4ea5f24adf149d4a4781263a218ae40ed0a409305f48dd23d49786a6dce8cc743edc0c879676b946be2ad99323
SSDEEP: 24576:byhhBvapvYX4O5uQNj8RCEC1NmBl2AQMwtuSZ6eY+0b99bTEQcgOg9VjPI855Y2:O5voO4Qd8RvC1NuwArhSZ6egb99bTPtP
Static task: static1
Behavioral task: behavioral1
  Sample: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
massa
185.161.248.73:4164
auth_value: 413bf908ab27d959c62bef532780f511
Targets
Target: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
Size: 1.4MB
MD5: 36afbedc4aea6e680097c7134f721b05
SHA1: 681c0686d82b3050adcb1cda99ad79a3d46e23be
SHA256: 005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
SHA512: 9b9ab7a650db6dc5ea5912e1527a41b87e254b4ea5f24adf149d4a4781263a218ae40ed0a409305f48dd23d49786a6dce8cc743edc0c879676b946be2ad99323
SSDEEP: 24576:byhhBvapvYX4O5uQNj8RCEC1NmBl2AQMwtuSZ6eY+0b99bTEQcgOg9VjPI855Y2:O5voO4Qd8RvC1NuwArhSZ6egb99bTPtP
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application