Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e.bin

  • Size

    1.5MB

  • Sample

    230506-zs72psga3s

  • MD5

    33753f3f4153ae07c4379dfbee8cb421

  • SHA1

    68b4165a60a25e4c5145c89a7f234934f61dc48c

  • SHA256

    242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e

  • SHA512

    aaf0cc8baa73999f16545229cb2629b40752c4ec0dc9e5b73b42d1a4e30aa74c28031656e27f4a803c86855074f12b7311ad67a4d0e78a4971dce974fe5fe5d5

  • SSDEEP

    24576:IymQICYDm4Ry3rk9mh93pzDvdCYRGun72+xtPkxX1yKH3JJ+t4Vr8t4JTcY:PuCIRy7kYhnPvZn72+bsd1yKHOErS2T

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e.bin

    • Size

      1.5MB

    • MD5

      33753f3f4153ae07c4379dfbee8cb421

    • SHA1

      68b4165a60a25e4c5145c89a7f234934f61dc48c

    • SHA256

      242f8806ba6c0ff404f69cd4ef3b8a5ab94617ee399fb5c6b1b117713f2a409e

    • SHA512

      aaf0cc8baa73999f16545229cb2629b40752c4ec0dc9e5b73b42d1a4e30aa74c28031656e27f4a803c86855074f12b7311ad67a4d0e78a4971dce974fe5fe5d5

    • SSDEEP

      24576:IymQICYDm4Ry3rk9mh93pzDvdCYRGun72+xtPkxX1yKH3JJ+t4Vr8t4JTcY:PuCIRy7kYhnPvZn72+bsd1yKHOErS2T

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks