General

  • Target

    359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f

  • Size

    708KB

  • Sample

    230506-z58h1afd94

  • MD5

    fe17086a75844f486a61653bfb3b8541

  • SHA1

    3c03377a559be9bdbc1bf1ee3469b43dffcbf42c

  • SHA256

    359b94ffcdbf0c25281017d4c13855b6f64814b43f9aaa00930c429328ca246f

  • SHA512

    06c4eb22a52df90bc23ca826fcce5cc700a58db1fe551a2295ce7324316f841f82bb9fe33fa36bd63557a464764bb3638388c69a088238277f98449ee4515623

  • SSDEEP

    12288:VMrRy90Cy8d7H/yKtXgJSj5jj4zhsQvSUEf/ELZ7HDo:0ymuzqKKJSFj4zh0UIElDDo

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      3491f24ae0250969cd45ce4b3fe77549

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks