General
- Target: 242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e.bin
- Size: 1.5MB
- Sample: 230506-zs72psga3s
- MD5: 33753f3f4153ae07c4379dfbee8cb421
- SHA1: 68b4165a60a25e4c5145c89a7f234934f61dc48c
- SHA256: 242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e
- SHA512: aaf0cc8baa73999f16545229cb2629b40752c4ec0dc9e5b73b42d1a4e30aa74c28031656e27f4a803c86855074f12b7311ad67a4d0e78a4971dce974fe5fe5d5
- SSDEEP: 24576:IymQICYDm4Ry3rk9mh93pzDvdCYRGun72+xtPkxX1yKH3JJ+t4Vr8t4JTcY:PuCIRy7kYhnPvZn72+bsd1yKHOErS2T
Static task: static1
Behavioral task: behavioral1
- Sample: 242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: most
- C2: 185.161.248.73:4164
- auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Score: 10/10
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application