General

  • Target

    33155b84fd323e44f3800fc499ee5daaa9e862411063d0b1cde03776e0564d68.bin

  • Size

    893KB

  • Sample

    230506-z4bgwahc61

  • MD5

    8d71a0856eabe171e0d709cfb34d99c2

  • SHA1

    76ab242fb9762c36c97d92ac57ce759a504c8325

  • SHA256

    33155b84fd323e44f3800fc499ee5daaa9e862411063d0b1cde03776e0564d68

  • SHA512

    c67d91c2fb8a219c7be8cce5220f3592f59563b364f71fe1fe815b780b72ceb2de19bd160a3ef7307f316d1651ae36dacb778320edbb3152e546e0a3069eb176

  • SSDEEP

    12288:vy906JSsvYY051u8Z/42PKitNKkAFi/BUUL4rDOAHUl/P9YVapFAW/rKIEGH7Hqz:vyVrYYa1u8NFtoYLeiJH9KafAhI1bUj

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dark

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
