General

  • Target

    2525a29d7709466ff6df427678dd119d4c031a1344d82218f8bb890b6c5368f6.bin

  • Size

    1.5MB

  • Sample

    230506-zttkpsea74

  • MD5

    be60ee130faeea5bb8b5dd7146bf1163

  • SHA1

    4addbee09c1a762139aef5efd8541d945462ed78

  • SHA256

    2525a29d7709466ff6df427678dd119d4c031a1344d82218f8bb890b6c5368f6

  • SHA512

    75dfa717253fdcaf99eb5821c899c249c368a592dd4f0545aef40e55fc2548f7808e9572b9ef719f805b403f54cbeda788eb37f224915d8b17b6a43a251ca010

  • SSDEEP

    24576:tysMJY4UgCofCDvSwgGYsftcwKkOQ6W83lm/ZHyvtV6kyuMml7NWXCiCaZ+J2KY:Is66rofCDvSgHmwFOQY1m0V5GQN2Ci5

Malware Config

Extracted

  • Family

    redline

  • Botnet

    most

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: 7da4dfa153f2919e617aa016f7c36008

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
