General

  • Target: 2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin
  • Size: 1.5MB
  • Sample: 230506-zrznyadg76
  • MD5: 64a48944628e9786978e243aa5ef628f
  • SHA1: 0b3cffe9f70b5b38f1be03bf5b7dc79b3b417da5
  • SHA256: 2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f
  • SHA512: d2ebd51f4b1bc38a3395ac06525917d6f2703392186252070353bc055d7aca16897ffdd5bf3c3382a4940a63830dd0312ff550c1e879010a84171b1024dc9b9d
  • SSDEEP: 24576:Iy6/g14sotpfiYb6mROE0k5iggexwSA/SV1wSfNV9t6OyDR2OAU:PQs0686UOu7g+06T3fLmO423

Malware Config

Extracted

  • Family: redline
  • Botnet: most
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: 7da4dfa153f2919e617aa016f7c36008

Targets

    • Target: 2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin (hashes as listed under General)

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks