Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.bin
-
Size
1.5MB
-
Sample
230506-ztxmcsea85
-
MD5
332304208f0813f031272e038f30e917
-
SHA1
e1fb23d53820b0784e9ad18a040a0592c1764854
-
SHA256
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e
-
SHA512
48833e3be53e67c938ac5a6b4eaa73bcd45ee4edd26183c90cd30f98d9919df41c6124c2e1cefac4d3ef423d1d9588984684f8f6edf8b2815f9db653096a51e3
-
SSDEEP
24576:5yNxSqTZIl9b8xQiFkgKoPYufqC8l51q0IV7xRw0ZzwBzLeXjeOswmSdl6c4azOx:svSqo9bkQiFkgw87Aj/27w53eXjXCSK
Static task
static1
Behavioral task
behavioral1
Sample
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.bin
-
Size
1.5MB
-
MD5
332304208f0813f031272e038f30e917
-
SHA1
e1fb23d53820b0784e9ad18a040a0592c1764854
-
SHA256
2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e
-
SHA512
48833e3be53e67c938ac5a6b4eaa73bcd45ee4edd26183c90cd30f98d9919df41c6124c2e1cefac4d3ef423d1d9588984684f8f6edf8b2815f9db653096a51e3
-
SSDEEP
24576:5yNxSqTZIl9b8xQiFkgKoPYufqC8l51q0IV7xRw0ZzwBzLeXjeOswmSdl6c4azOx:svSqo9bkQiFkgw87Aj/27w53eXjXCSK
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-