General

  • Target

    25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9

  • Size

    588KB

  • Sample

    230506-zt8pmaeb44

  • MD5

    ed541c1efe2b4b56a7640dab5e08d279

  • SHA1

    dff90d35232bb2d162f870c76cea2c7192889470

  • SHA256

    25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9

  • SHA512

    9b044cb5231a0d968e2e19c0c5cebd28e1eeaabf80b3f9b5c543931a95c0a9c580f58f7ca2cff7cd52df1b60ca678bc5f3ef7ff0a7234ab977d22dfeed5a21f6

  • SSDEEP

    12288:ZMrqy90Bj6d+YHnZ/6fHr4keBUv7VyFoR45XVxw:3yemk6/kH8dBUvAiClxw

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks