Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin
-
Size
1.5MB
-
Sample
230506-zrznyadg76
-
MD5
64a48944628e9786978e243aa5ef628f
-
SHA1
0b3cffe9f70b5b38f1be03bf5b7dc79b3b417da5
-
SHA256
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f
-
SHA512
d2ebd51f4b1bc38a3395ac06525917d6f2703392186252070353bc055d7aca16897ffdd5bf3c3382a4940a63830dd0312ff550c1e879010a84171b1024dc9b9d
-
SSDEEP
24576:Iy6/g14sotpfiYb6mROE0k5iggexwSA/SV1wSfNV9t6OyDR2OAU:PQs0686UOu7g+06T3fLmO423
Static task
static1
Behavioral task
behavioral1
Sample
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin
-
Size
1.5MB
-
MD5
64a48944628e9786978e243aa5ef628f
-
SHA1
0b3cffe9f70b5b38f1be03bf5b7dc79b3b417da5
-
SHA256
2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f
-
SHA512
d2ebd51f4b1bc38a3395ac06525917d6f2703392186252070353bc055d7aca16897ffdd5bf3c3382a4940a63830dd0312ff550c1e879010a84171b1024dc9b9d
-
SSDEEP
24576:Iy6/g14sotpfiYb6mROE0k5iggexwSA/SV1wSfNV9t6OyDR2OAU:PQs0686UOu7g+06T3fLmO423
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-