Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f
-
Size
708KB
-
Sample
230506-z58h1afd94
-
MD5
fe17086a75844f486a61653bfb3b8541
-
SHA1
3c03377a559be9bdbc1bf1ee3469b43dffcbf42c
-
SHA256
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f
-
SHA512
06c4eb22a52df90bc23ca826fcce5cc700a58db1fe551a2295ce7324316f841f82bb9fe33fa36bd63557a464764bb3638388c69a088238277f98449ee4515623
-
SSDEEP
12288:VMrRy90Cy8d7H/yKtXgJSj5jj4zhsQvSUEf/ELZ7HDo:0ymuzqKKJSFj4zh0UIElDDo
Static task
static1
Behavioral task
behavioral1
Sample
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f
-
Size
708KB
-
MD5
fe17086a75844f486a61653bfb3b8541
-
SHA1
3c03377a559be9bdbc1bf1ee3469b43dffcbf42c
-
SHA256
359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f
-
SHA512
06c4eb22a52df90bc23ca826fcce5cc700a58db1fe551a2295ce7324316f841f82bb9fe33fa36bd63557a464764bb3638388c69a088238277f98449ee4515623
-
SSDEEP
12288:VMrRy90Cy8d7H/yKtXgJSj5jj4zhsQvSUEf/ELZ7HDo:0ymuzqKKJSFj4zh0UIElDDo
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-