General
- Target: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- Size: 480KB
- Sample: 230506-zg6dqscg34
- MD5: 4d91be6f3eddafadb1db23c080a37e27
- SHA1: 66503ff75a31b7c642342bb8801ba7d94202de9a
- SHA256: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- SHA512: f78dadb950b7c2424b9a75216e87ac7dccb341203a63a90c44afe6a433b7f0e2eca2c372158196754fb96fe43b5586de84d75b6bf73908f012654eb7056404ff
- SSDEEP: 12288:/Mrjy90iOT7wS/gn499YZXDKrJyw+T/U53SBe9n:Uy4d/gn49zf+453Dn
Static task: static1
Behavioral task: behavioral1
- Sample: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- daris
- 217.196.96.56:4138
- auth_value: 3491f24ae0250969cd45ce4b3fe77549
Targets
- Target: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- Size: 480KB
- MD5: 4d91be6f3eddafadb1db23c080a37e27
- SHA1: 66503ff75a31b7c642342bb8801ba7d94202de9a
- SHA256: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- SHA512: f78dadb950b7c2424b9a75216e87ac7dccb341203a63a90c44afe6a433b7f0e2eca2c372158196754fb96fe43b5586de84d75b6bf73908f012654eb7056404ff
- SSDEEP: 12288:/Mrjy90iOT7wS/gn499YZXDKrJyw+T/U53SBe9n:Uy4d/gn49zf+453Dn
Score: 10/10
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application