General
- Target: 25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
- Size: 588KB
- Sample: 230506-zt8pmaeb44
- MD5: ed541c1efe2b4b56a7640dab5e08d279
- SHA1: dff90d35232bb2d162f870c76cea2c7192889470
- SHA256: 25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
- SHA512: 9b044cb5231a0d968e2e19c0c5cebd28e1eeaabf80b3f9b5c543931a95c0a9c580f58f7ca2cff7cd52df1b60ca678bc5f3ef7ff0a7234ab977d22dfeed5a21f6
- SSDEEP: 12288:ZMrqy90Bj6d+YHnZ/6fHr4keBUv7VyFoR45XVxw:3yemk6/kH8dBUvAiClxw
Static task: static1
Behavioral task: behavioral1
- Sample: 25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: daris
- C2: 217.196.96.56:4138
- auth_value: 3491f24ae0250969cd45ce4b3fe77549
Targets
Score: 10/10
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application