General
- Target: 189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6
- Size: 1.4MB
- Sample: 230506-zg2esaeh9t
- MD5: 9d8e0505246513493a86f38902bc8031
- SHA1: 1377b577ade57c286b91a997eda060619292f955
- SHA256: 189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6
- SHA512: 2c762ccc36ea84633d1fda5402005e44c94731f50d4ba1e667b3a3abc8811ce597de2d7571733bed36802b7c87451b7da3190406d74435fa6f7be8b81a04bd0d
- SSDEEP: 24576:oyIQPzlb1rycJtqz3EKaij5/gjn1Sn3wDcDEvJNAtMDBshzICNtz047i1vnBMrIy:vlPfrEpRN/gjMo02NrCvW5BFIrd
Static task: static1
Behavioral task: behavioral1
- Sample: 189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
- max
- 185.161.248.73:4164
- auth_value: efb1499709a5d08ed1ddf71cff71211f
Targets
- Target: 189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application