General

  • Target: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
  • Size: 480KB
  • Sample: 230506-zg6dqscg34
  • MD5: 4d91be6f3eddafadb1db23c080a37e27
  • SHA1: 66503ff75a31b7c642342bb8801ba7d94202de9a
  • SHA256: 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
  • SHA512: f78dadb950b7c2424b9a75216e87ac7dccb341203a63a90c44afe6a433b7f0e2eca2c372158196754fb96fe43b5586de84d75b6bf73908f012654eb7056404ff
  • SSDEEP: 12288:/Mrjy90iOT7wS/gn499YZXDKrJyw+T/U53SBe9n:Uy4d/gn49zf+453Dn

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
