
General

  • Target: 2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.bin
  • Size: 1.5MB
  • Sample: 230506-ztxmcsea85
  • MD5: 332304208f0813f031272e038f30e917
  • SHA1: e1fb23d53820b0784e9ad18a040a0592c1764854
  • SHA256: 2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e
  • SHA512: 48833e3be53e67c938ac5a6b4eaa73bcd45ee4edd26183c90cd30f98d9919df41c6124c2e1cefac4d3ef423d1d9588984684f8f6edf8b2815f9db653096a51e3
  • SSDEEP: 24576:5yNxSqTZIl9b8xQiFkgKoPYufqC8l51q0IV7xRw0ZzwBzLeXjeOswmSdl6c4azOx:svSqo9bkQiFkgw87Aj/27w53eXjXCSK

Malware Config

Extracted

  • Family: redline
  • Botnet: most
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: 7da4dfa153f2919e617aa016f7c36008

Targets

  • Target: 2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e.bin
  • Size: 1.5MB
  • MD5: 332304208f0813f031272e038f30e917
  • SHA1: e1fb23d53820b0784e9ad18a040a0592c1764854
  • SHA256: 2558981bf71e5f19b5396c9fa07deeb97cc9a74d7eb797f05b424ecb98f66d6e
  • SHA512: 48833e3be53e67c938ac5a6b4eaa73bcd45ee4edd26183c90cd30f98d9919df41c6124c2e1cefac4d3ef423d1d9588984684f8f6edf8b2815f9db653096a51e3
  • SSDEEP: 24576:5yNxSqTZIl9b8xQiFkgKoPYufqC8l51q0IV7xRw0ZzwBzLeXjeOswmSdl6c4azOx:svSqo9bkQiFkgw87Aj/27w53eXjXCSK

  Signatures

  • Detects Redline Stealer samples
    This rule detects the presence of Redline Stealer samples based on their unique strings.
  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Executes dropped EXE
  • Loads dropped DLL
  • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks