General

  • Target

    026e69968b3e10d35521b5f640dfc0ed35f0783e3bcd8ee4d58361ddf82fc1bc.bin.bin

  • Size

    1.7MB

  • Sample

    230506-yypxmsag32

  • MD5

    79ac1591bc7d22700673f7a36a345563

  • SHA1

    8babb27ba0fa7792d3c43f40d04bc63dfaca71ae

  • SHA256

    026e69968b3e10d35521b5f640dfc0ed35f0783e3bcd8ee4d58361ddf82fc1bc

  • SHA512

    fb22eb851db8f90e951acbf26dc4284b64b60afa4d74327facc4d8f1df5f0479db3bf77bdf577be1cfa98fb3789cb0adb8f8ec1b07d1094208024eb6b967c594

  • SSDEEP

    49152:NAs0b0/VN4JstEFYrzHjTfL2sS01BJra8CsevA8W:n0b09N4qtEOjTfysJ1BBCs+AD

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

  • auth_value

    7da4dfa153f2919e617aa016f7c36008
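The two extracted configs above share a single C2 (185.161.248.73:4164) under different botnet IDs and auth_value tokens. The Python below is an added example, not part of the tria.ge page or its tooling: it parses the report's flattened key/value layout into structured configs, collapses the shared C2 into one network IOC and emits a Suricata rule for it. The REPORT text is built from this page's values (blank lines dropped); the rule SID and msg text are placeholders.

```python
"""Turn the flattened 'Malware Config' block of a tria.ge report into IOCs.

Added example, not code from the tria.ge page or from the sandbox.
REPORT is constructed from the two RedLine configs shown on this page
(blank lines dropped); the Suricata SIDs and msg text are placeholders.
"""
import ipaddress
from dataclasses import dataclass, field

REPORT = """\
Extracted
Family
redline
Botnet
gena
C2
185.161.248.73:4164
Attributes
  • auth_value
    d05bf43eef533e262271449829751d07
Extracted
Family
redline
Botnet
most
C2
185.161.248.73:4164
Attributes
  • auth_value
    7da4dfa153f2919e617aa016f7c36008
"""

SECTION_KEYS = ("Family", "Botnet", "C2", "Attributes")


@dataclass
class ExtractedConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)
    attributes: dict = field(default_factory=dict)


def parse_configs(text):
    """Each 'Extracted' header starts a new config; a key line is followed
    by its value line(s). Under 'Attributes' the attribute name (a bullet)
    and its value are on separate lines too, so a pending name is tracked."""
    configs, cur, key, pending = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "Extracted":
            cur = ExtractedConfig()
            configs.append(cur)
            key = pending = None
        elif cur is None:
            continue
        elif line in SECTION_KEYS:
            key, pending = line, None
        elif key == "Family":
            cur.family = line
        elif key == "Botnet":
            cur.botnet = line
        elif key == "C2":
            cur.c2.append(line)
        elif key == "Attributes":
            if pending is None:
                pending = line
            else:
                cur.attributes[pending] = line
                pending = None
    return configs


def c2_endpoints(configs):
    """Map each distinct (host, port) to the botnet IDs that use it, so a
    C2 shared by several configs (as here) yields one network IOC."""
    endpoints = {}
    for cfg in configs:
        for entry in cfg.c2:
            host, _, port = entry.rpartition(":")
            endpoints.setdefault((host, int(port)), set()).add(cfg.botnet)
    return endpoints


def suricata_rules(configs, base_sid=9000001):
    """One Suricata rule per C2 endpoint (SIDs are placeholders). An IP
    literal becomes a destination match; a hostname C2 would need a
    dns/tls rule instead, so it is flagged rather than guessed at."""
    rules = []
    for i, ((host, port), botnets) in enumerate(sorted(c2_endpoints(configs).items())):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            rules.append(f"# {host}:{port} is a hostname; write a dns/tls sni rule instead")
            continue
        tag = ",".join(sorted(botnets))
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 botnet {tag}"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfgs = parse_configs(REPORT)
    for cfg in cfgs:
        print(cfg)
    print("\n".join(suricata_rules(cfgs)))
```

Keeping the botnet IDs on the collapsed endpoint matters for attribution: one C2 serving two botnet/auth_value pairs points at one operator running several builds, and the auth_value tokens are what distinguish them on the wire.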

Targets

    • Target

      026e69968b3e10d35521b5f640dfc0ed35f0783e3bcd8ee4d58361ddf82fc1bc.bin.bin


    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
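The registry behaviours listed above (Defender real-time protection changes, Run-key persistence, execution from a dropped file) all leave Sysmon Event ID 13 "RegistryEvent (Value Set)" records on an instrumented host. The Python below is an added example, not anything from the report or from the malware: it runs that detection logic over a constructed set of such records, with invented process names and paths in EVENTS. "Checks computer location settings" is a registry read (typically HKCU\Control Panel\International\Geo\Nation), which Sysmon does not log, so that behaviour needs an API-monitoring source such as the sandbox itself and is not covered here.

```python
"""Flag the registry behaviours from the report in Sysmon Event 13 data.

Added example; not from the tria.ge page or from RedLine's own code.
EVENTS is a constructed sample of Sysmon 'RegistryEvent (Value Set)'
records; the process names and paths are invented for illustration.
"""
import re

EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\lab\AppData\Local\Temp\IXP000.TMP\update.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "Image": r"C:\Users\lab\AppData\Local\Temp\IXP000.TMP\update.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\lab\AppData\Roaming\update.exe"},
    {"EventID": 13,  # Defender itself re-enabling protection: value 0, must not fire
     "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13,  # a system process registering a Run entry under a system path
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]

# Defender's real-time protection switches live as Disable* DWORDs under this key
# (both the product key and the Policies\ mirror end with the same path tail).
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Locations a dropper typically writes to; an EXE here is the 'dropped EXE' case.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public|ProgramData)\\", re.I)
# Sysmon renders DWORD values as 'DWORD (0x00000001)'.
DWORD_ONE = re.compile(r"DWORD \(0x0*1\)")


def classify(event):
    """Return the (rule, severity) hits for one Sysmon Event 13 record."""
    if event.get("EventID") != 13:
        return []
    target, details, image = event["TargetObject"], event["Details"], event["Image"]
    hits = []
    if DEFENDER_RTP.search(target) and DWORD_ONE.fullmatch(details):
        hits.append(("defender_rtp_disabled", "high"))
    if RUN_KEY.search(target):
        # Persistence that points at a user-writable path is the dropped-file case.
        severity = "high" if USER_WRITABLE.search(details) else "low"
        hits.append(("run_key_persistence", severity))
    if hits and USER_WRITABLE.search(image):
        # The writing process itself runs from a drop location: escalate everything.
        hits = [(rule, "high") for rule, _ in hits]
    return hits


def scan(events):
    """Group hits by the process that wrote the value, so one dropper that
    both disables Defender and persists shows up as a single actor."""
    report = {}
    for ev in events:
        for rule, severity in classify(ev):
            report.setdefault(ev["Image"], []).append((rule, severity))
    return report


if __name__ == "__main__":
    for image, hits in scan(EVENTS).items():
        print(image)
        for rule, severity in hits:
            print(f"  {severity:5} {rule}")
```

The value check on the Defender key is what keeps this from paging on Defender's own writes: the product resets DisableRealtimeMonitoring to 0 routinely, and only a transition to 1 matches the "Modifies Windows Defender Real-time Protection settings" behaviour the report flags.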

MITRE ATT&CK Enterprise v6

Tasks