
General

  • Target

    Miner Tool.zip

  • Size

    8.3MB

  • Sample

    230413-rvpzxadc91

  • MD5

    739284f9fe64d558f107f2f2c0a254a2

  • SHA1

    d0e0c88a19a66e3174093710f56f37c2a47cafd3

  • SHA256

    267611a017bb24a4c7b3231f4c5bd2688265fe0c59a30d3ce463a84cd8d7b76a

  • SHA512

    da8c51429b5a5492da650f41d40183788b2419fce63b19ac306d28d75a020775bd1a39803f2d496d20a21d56858f62c3bccc396923b7b0cc08e52d8fb781aee4

  • SSDEEP

    196608:+YgTHsK6inpq8+a0Aj4roYxJQ2L/C3OBj9SseBAkmplrRZ+nT:2fQ8/52pLzjQscmplw
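As an added example (not Triage's own tooling), the following Python script does the first thing a practitioner does with an archive like this before detonating anything: it hashes each member in one streaming pass so the digests can be compared against the ones listed on this page, and it flags members that are inflated with padding. The 746.7MB executable listed under Targets fits inside this 8.3MB ZIP, which is only possible if most of that file is a run of highly compressible bytes. The ratio threshold, the tail-sample size and the in-memory sample archive are assumptions made for the example; `REPORT_SHA256` copies three SHA256 values from the report so a re-check of the real archive has something to compare against.

```python
"""Added example, not Triage's code: offline triage of a ZIP sample.

For every member it computes the digests the report lists (MD5/SHA1/SHA256/
SHA512) in one streaming pass, and flags members whose stored size is out of
proportion to their compressed size or that end in a long run of one byte,
the usual way to push a binary past scanner and sandbox upload limits.
"""
import hashlib
import io
import zipfile

RATIO_THRESHOLD = 20.0   # assumption: uncompressed/compressed above this is odd
TAIL_SAMPLE = 1 << 20    # keep the last 1 MiB of each member for the padding check

# SHA256 values copied from the report, keyed by member name, so a re-analysis
# of the real archive can be checked against it.
REPORT_SHA256 = {
    "Miner Tool v1.4.0.exe": "fa8f526f6498f0ecfd179876064cd7b19a66cf39cf07eb994e2aa95ed505bc0e",
    "MinerTool.dll": "c69fe4b52893fbc88736e942fe1b0ba4b57affaf4b53ab2d52506e50acadecc8",
    "Newtonsoft.Json.dll": "04f79700c4d9291f2927b2e9400f3ec38b28245195d532edd8f3e99e6a4151e1",
}


def padding_run(data: bytes) -> int:
    """Length of the run of identical bytes at the end of data (0 for empty)."""
    if not data:
        return 0
    return len(data) - len(data.rstrip(data[-1:]))


def scan_member(fobj, chunk=1 << 20):
    """One pass over a member: all four digests plus the trailing-byte run."""
    hashes = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    tail = b""
    while True:
        buf = fobj.read(chunk)
        if not buf:
            break
        for h in hashes.values():
            h.update(buf)
        tail = (tail + buf)[-TAIL_SAMPLE:]
    return {n: h.hexdigest() for n, h in hashes.items()}, padding_run(tail)


def triage_zip(zip_source):
    """Inspect every file in the archive without writing anything to disk."""
    findings = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                digests, run = scan_member(member)
            ratio = info.file_size / max(info.compress_size, 1)
            flags = []
            if ratio > RATIO_THRESHOLD:
                flags.append("compression ratio %.0f:1, likely padded" % ratio)
            if run > max(4096, info.file_size // 4):
                flags.append("trailing run of %d identical bytes" % run)
            findings.append({"name": info.filename, "size": info.file_size,
                             "compressed": info.compress_size, "ratio": round(ratio, 1),
                             "padding_run": run, "flags": flags, **digests})
    return findings


def check_against_report(findings, expected=REPORT_SHA256):
    """Map member name -> 'match' / 'mismatch' / 'not in report'."""
    return {f["name"]: ("match" if expected.get(f["name"]) == f["sha256"]
                        else "mismatch" if f["name"] in expected
                        else "not in report") for f in findings}


def make_sample_zip() -> io.BytesIO:
    """Constructed stand-in for the archive (NOT the real sample): one member
    padded with 512 KiB of zeros after a 2 KiB pseudo-random header, one not."""
    junk = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Miner Tool v1.4.0.exe", junk + b"\x00" * (512 * 1024))
        zf.writestr("Newtonsoft.Json.dll", junk * 2)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for f in triage_zip(make_sample_zip()):
        print(f["name"], f["size"], f["ratio"], f["sha256"][:16], f["flags"])
```

Run it against the real archive with `triage_zip("Miner Tool.zip")` and feed the result to `check_against_report`; any `mismatch` means the file on disk is not the one this report describes.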

Malware Config

Extracted

Family

redline

Botnet

25.03

C2

37.220.87.78:25387

Attributes
  • auth_value

    5cfc89aee6c1fd926c66b4cb6c07caa2

Targets

    • Target

      Master.dll

    • Size

      100KB

    • MD5

      8193b4b11a9802fa535f892d5c86fc8e

    • SHA1

      458afdb5acf64386762d61c559f6058abc8a2666

    • SHA256

      013f06d4f6aa119f69b6d4deec12fdef8cb8b6dfb59a61912f09334dbd2bbad7

    • SHA512

      9fa36c911c2213a0960097b8f50d337ad49a35b53815cf2964a09717aaf7eec90331f641747b8e407ba231f2073c584e37d67b8b708afddecd8223d267814138

    • SSDEEP

      1536:K/mgxiX2xErQgSiVvTuqEKqT11l9IAJZGVe47dnYjjBJbndI3q2rbsQ9gIqivDfG:KbxiAdiohHnXIFTdnYJGa2h9bvDf5wt

    Score
    1/10
    • Target

      Microsoft.CodeAnalysis.CSharp.Workspaces.dll

    • Size

      673KB

    • MD5

      e2d321cf74550c9a74c83121bf97853a

    • SHA1

      39e95480af04dbadba659f02fee82fbfeb5e0ad4

    • SHA256

      db85b7150ed7a68a485e76f37df2699db9868d808bc2d5906586d029977745bd

    • SHA512

      949db9956b14c3438c55032cb9004db58adaf28020c0b17f5b60559797237ca691147a199a6277abe1a997c29cb5a895ef38162338c8353b9e026eb3733e9f0c

    • SSDEEP

      12288:oltZ+ZD+FIP0KN9nTTj0EelqwR0XSQWpHzbt5MtREbiFPifJsaICL+aPPnDHLLul:oaP0KN9nELJQWVzvJ3ICL+aPPnDHLLul

    Score
    1/10
    • Target

      Microsoft.CodeAnalysis.Workspaces.dll

    • Size

      2.5MB

    • MD5

      75668a786f139cc19cafa833ab947139

    • SHA1

      e62e34bc8d489455c1236300c744701b7323feb4

    • SHA256

      6977a79f315ed53bb749f432608cdd9008e6b30eb3acbcfc21d074d98b4be0fd

    • SHA512

      16a6aed3d48d80e01af7543a2b71455d3232d72ca34e2e756f3c838e8df448c218b4177b39636ffd00aae4fb9a7f2d1e1cf2f83e3301748f9588bbe25ea5915d

    • SSDEEP

      49152:NzImEdE/ZtxnVaiOcoW+mVg9MAyqUR6K+NIMA+ZJvuotOGE2t8FGsBIA:NzImEdElVaiOv/mVg9MZC8IA

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.Contracts.dll

    • Size

      22KB

    • MD5

      d261765b9dbcf46a947efff66e4d87b9

    • SHA1

      2846f7f4cc58d3030d3f428a1a36e9fe3f595af7

    • SHA256

      f16d58aa62e020ec01af3652c4154931a72394fb5d24d3af98481b4f6268b754

    • SHA512

      9bf9d8c20c14d758a7974ad57d9c7898f9fb57e17fa9f81ef0be8734ef998e35ffbf28c28b666bf1fbc11aa1703e4adbd25b116a66d6714187a5405b52b9487f

    • SSDEEP

      384:0Y6GSsCyPzH67qr/JIHbBPGrrzW+twW3c4HRN7op6sTTXZlOJ:76G9vbXbJIHFaFZBoQsY

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.Core.dll

    • Size

      71KB

    • MD5

      acfcce6ad9ca4b6200cafa90f3ba7218

    • SHA1

      503b3d5e89f083b6713e98aa60ed0c6e5d31eb25

    • SHA256

      1db7164e2c622de8cb0ede459b10a288dcdf4fb5a7bdef59449a39aca4f12316

    • SHA512

      2f4799866c72cf1cbad528f95124c11786f1cd91c8b4f1301ebe84031404b9f938003a3bba575e1752815dbfb0c4e22f938d3f9d9696122d5282a233e00155c6

    • SSDEEP

      1536:FieWfhNFYvPNllXmrzmy3YeNrosA6OlcRBsx:FFkNaNllXSZYeN8Om

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.EntityFrameworkCore.dll

    • Size

      67KB

    • MD5

      6176c612006ca538881a008a0fdda8c2

    • SHA1

      3b58287a5606428d1e6a059618e84cbb9af4e0ee

    • SHA256

      4a0b73b22069a2c11c023e1613692167904585bdbf5ae550f0cac298620de3e6

    • SHA512

      af34efa4878c8f3859fa8fe42e2a20812ee4268d1b836564976bc2e2359228a6e73689ba66094d479e4e27a91da83e00a0b47fc09540875031714c3f0f768fb5

    • SSDEEP

      1536:gHNaDCfRcKFRDwt+rvDLpGdquA/DwHkasYBc:wNaGfRcKXDwOFCA/KYH

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.Templating.dll

    • Size

      27KB

    • MD5

      044ba500a4a699dd0f632a097a23642b

    • SHA1

      60d38de0f7f8d2a5e22e226cc24bddb6ac8824ed

    • SHA256

      de7d2844010d0d545876bd719875f43ee8a4bcfba1a1e6903e6fd4796d79ec3c

    • SHA512

      f5cb6f524ade578398c4201af51cee570150d8dec45d28c090cada2e3595ccd7be756681b359c574eff5e0dd3625208110cf1aa83da5068ed9fcff559ae82ca1

    • SSDEEP

      384:RRFY2N8HkgS0maZWTctSyl8//FGeoY7qqG+oebp97t2CJN9Rm9+ANt7PGsA3Fqz4:FyUN9oYWq1EHipqBiMtQ4k

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.Utils.dll

    • Size

      34KB

    • MD5

      2f79c25ec227a3cbbadba8b86aa4b983

    • SHA1

      bd1037f86ca675761b7cb25696bea73f7416e22b

    • SHA256

      3a9fa2a522b0d9469861d868326d9ae859cba82977f01b15d2290fc3bed95822

    • SHA512

      8a636fdafba69ad3f99e6aecffcbe6d2a58a4ab928c16a60683134aa9f2774608b7adf677322ffd75a0ca08fa98f5e2da89194c678a3d6199db3588282a28b41

    • SSDEEP

      768:WFaft0yiVEbhXh6WB7RwGGxZVkopAROeIWTWYQuoBpg:L0yNL9GxHkoGRO+1QuoB

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGeneration.dll

    • Size

      35KB

    • MD5

      539e073ceb067af93642ccdd76e40a69

    • SHA1

      55b9f7d77bb31f2164b0a6d6b71d4421d8cc79d4

    • SHA256

      1e22288e8854428ed9b2ab2b2317ef3b9a5ffd5ac8c62644ba1dfb1926956370

    • SHA512

      2257f219f9b4c2fb6ac130ffbad3d746ecbc5d55092f297f0940ab54570badac84136aa0310525aeaea55def19ba32140536b448c713fdffa2a217f58fb9f859

    • SSDEEP

      384:ua50h476Z3JoUlJ8DdkZArFbIEuNoivhfpeHrkw1O4jPFGZl4X4HBxuPG0iazWcv:PNUJmTKoZpbg2IhxunH0BuMgz

    Score
    1/10
    • Target

      Microsoft.VisualStudio.Web.CodeGenerators.Mvc.dll

    • Size

      178KB

    • MD5

      2b374a087652e178358346aefcae6503

    • SHA1

      0d964545a87ccb5fc331fd95b9345a5f721828cb

    • SHA256

      796e4dd9648b2909a0f3ec6ee4ecd9bb3d5a97c8db9ee49749cf97f07a5fb50f

    • SHA512

      e3f069150d6fab51ed5906c6fc741afeaacba26d247cfdd02b2abc313a3e5710c790351165336310fc4290d18dd3fe59e925306040682a751162ee44839a31b3

    • SSDEEP

      1536:OEZrQQRKBfJzVENsnQazH2L6pQ4giF/BnO0NUQvk0kHwMBp2n1xemeIbA1PYBfQ:PrQwK2N2H2L6pQwNBbNUC0wMG1eIbARb

    Score
    1/10
    • Target

      Miner Tool v1.4.0.exe

    • Size

      746.7MB

    • MD5

      1507da8516ea70c6b83d8c351dcf2478

    • SHA1

      4d976fb0bb770fe9789e2c4275e0d8dddee8333a

    • SHA256

      fa8f526f6498f0ecfd179876064cd7b19a66cf39cf07eb994e2aa95ed505bc0e

    • SHA512

      80a73ee8950d7046ccdd4fb06332f97ba470fa6a7466b04f56680a401588dd8cea57c4da2d759db1c12b57a01c3995a824ff3fe332435fbd558e07fe3dc6ec4f

    • SSDEEP

      49152:WOZM2g29VOD1yQpHfzivSp5vrMtyqvFhbqo4uHBlBcl:PLa1JpzivevrMty8bqozB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. The Malware Config section above (botnet 25.03, C2 37.220.87.78:25387, auth_value 5cfc89aee6c1fd926c66b4cb6c07caa2) is the configuration extracted for this family.

      Note the listed size: a 746.7MB executable that fits inside the 8.3MB archive is almost entirely padding, a common way to push a binary past the upload-size limits of scanners and sandboxes.

    • Uses the VBS compiler for execution

      The sample starts the .NET Visual Basic compiler (vbc.exe) and uses it as a host process for its payload. A compiler that is spawned by a freshly downloaded executable and then opens network connections is the tell.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the last step of process hollowing (map the payload into a suspended child, point its main thread at it, resume), which is how the compiler process above is repurposed.

    • Target

      MinerTool.Views.dll

    • Size

      17KB

    • MD5

      e3b418b00ebca82244eb6e273efb4337

    • SHA1

      300e834ccf5943e1703dd26b7db2d45a84c84d65

    • SHA256

      14c2462a07e4c0c20b44bc3cfa056086f617803f961180cd43678870781d61fc

    • SHA512

      9f1b69f26feafea0fa45aef45b8453cf68451deee71275dada0b8857009d1792abe84d365bae2e0c33e6050cf96a19a7361f4b60f9f264574f1f9ccc4369efe7

    • SSDEEP

      384:x3JMnI1jTqYH4aqWOGD48Dt40i9bEgtSeuhfZIpZr0U:xCQj1La9IhfZIpZrF

    Score
    1/10
    • Target

      MinerTool.dll

    • Size

      40KB

    • MD5

      0dfe83136b69ed4a73942bb0c7644b1f

    • SHA1

      9acaab2849898baba383bda2f77c1416d12c0ded

    • SHA256

      c69fe4b52893fbc88736e942fe1b0ba4b57affaf4b53ab2d52506e50acadecc8

    • SHA512

      2cefadf0fb1680ca4adadf4a34771a4071a4e70349f44f01adfc9834e776880e36561e23e8d4c77ff6f2612e0383ccb27d68556c6db4aeed4356df3895319f02

    • SSDEEP

      768:lg5/atKE3OcUKctYMeXsmp4d1YTH29bw+e6gfD3uMHovZU4E0pOI:S5/at4YbCd0Hl+Eu/Uupj

    Score
    3/10
    • Target

      Newtonsoft.Json.dll

    • Size

      653KB

    • MD5

      b5ccbedf93f9fec636ce9fe8b331712e

    • SHA1

      df421230c4e03143c10ed7e8b8687686ab75ba23

    • SHA256

      04f79700c4d9291f2927b2e9400f3ec38b28245195d532edd8f3e99e6a4151e1

    • SHA512

      017f52814e6ebdfd64d17b1729116303dbcdf4e7b658c398da5900b4cbf9a6a365d72e3f44702cffcd71bc64fbee3b087f71f293e39fc66f8d539bf96da8d837

    • SSDEEP

      12288:quX7oLVyEV1vJDCGotndpqlXcJMo10qh3HBdjWUN:qNx3CIqMM0UBdjW8

    Score
    1/10
    • Target

      NuGet.Frameworks.dll

    • Size

      106KB

    • MD5

      7212779d5f18755ea60cc192fabbd7d0

    • SHA1

      d07a5f1e5555de4e395adfd4975e9561d0731dd9

    • SHA256

      9c021fbbdf0c763f5743c010f9634caf36b54224965265ee8dc42c8b538dc180

    • SHA512

      9550836c086ef2ae798d0662be117f4a79203ee9020c491af2791c09ca76c5dbb799dbfed86ff8d0188e9c9c8874958005b68605a4dd18606c42f9744a4d1a3a

    • SSDEEP

      1536:QmTBX9eQYwolomq74y4aMtkPSRr201BlOfyk4ZVzeMO:QM/oloZMt5xBzju

    Score
    1/10
    • Target

      SharedSerialization.dll

    • Size

      30KB

    • MD5

      930963786e4f43df059dca81b667ffdb

    • SHA1

      619337dd3f6341af1cb1d3550a06ebd89c5c0ef4

    • SHA256

      e3081352a0d002e29cb28d6feef5c0163261f9dddbb0db955e8408e09ac0c1f5

    • SHA512

      14f39f2227058c20e2681fa459b5556ce0571b0c9a4d2e8285560b3a51d9a36d0f1d6cf5a87b5ebbcbeb6dc122224f7905624210f9b7ad376cd3d228d45b8002

    • SSDEEP

      768:d3PPQ4pmo7nRGUUMFgG8xSPPQJR0FlpVsijX6Qy6/Ghr1eF5xVoWJr:NPPQ4pmo7nRGUUMFgG8xSPPQwV7jYt1u

    Score
    1/10
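The signatures on Miner Tool v1.4.0.exe describe process hollowing into vbc.exe followed by contact with the extracted C2. The following Python is an added detection example, not part of the Triage report, that correlates those two behaviours over Sysmon-style process-creation (event ID 1) and network-connection (event ID 3) events. The events are constructed for the example; the set of parents allowed to spawn vbc.exe and the severity levels are assumptions. It generalizes slightly beyond the page: any network connection from a vbc.exe that was started by an unexpected parent is flagged, not only connections to 37.220.87.78:25387.

```python
"""Added example, not Triage's code: correlate 'vbc.exe used as a host
process' with 'connects to the RedLine C2' over Sysmon-style events."""

SYSMON_PROCESS_CREATE = 1
SYSMON_NETWORK_CONNECT = 3

# C2 taken from the report's Malware Config section.
REDLINE_C2 = {("37.220.87.78", 25387)}

# Parents that legitimately spawn the VB compiler (assumption; tune per estate).
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def alert(rule, severity, event, **detail):
    return {"rule": rule, "severity": severity, "pid": event["ProcessId"],
            "image": event["Image"], **detail}


def detect(events):
    """Walk events in order and return alerts. Keyed on ProcessId for brevity;
    real rules should key on Sysmon's ProcessGuid because PIDs are reused."""
    alerts = []
    hollow_hosts = {}   # pid of a vbc.exe started by an unexpected parent -> that parent
    for e in events:
        pid = e["ProcessId"]
        if e["EventID"] == SYSMON_PROCESS_CREATE and basename(e["Image"]) == "vbc.exe":
            parent = e["ParentImage"]
            if basename(parent) not in EXPECTED_VBC_PARENTS:
                hollow_hosts[pid] = parent
                alerts.append(alert("vbc_unexpected_parent", "medium", e, parent=parent))
        elif e["EventID"] == SYSMON_NETWORK_CONNECT:
            dest = (e["DestinationIp"], int(e["DestinationPort"]))
            dest_str = "%s:%d" % dest
            if pid in hollow_hosts and dest in REDLINE_C2:
                # The hollowed compiler talking to the extracted C2: the full chain.
                alerts.append(alert("hollowed_vbc_c2", "high", e,
                                    parent=hollow_hosts[pid], dest=dest_str))
            elif pid in hollow_hosts:
                # A compiler has no business opening sockets at all.
                alerts.append(alert("vbc_network", "medium", e, dest=dest_str))
            elif dest in REDLINE_C2:
                # IOC hit from some other process: still worth a ticket.
                alerts.append(alert("c2_ioc_hit", "medium", e, dest=dest_str))
    return alerts


VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
SAMPLE = r"C:\Users\victim\Downloads\Miner Tool\Miner Tool v1.4.0.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed events for the example; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4212, "Image": VBC, "ParentImage": SAMPLE},
    {"EventID": 3, "ProcessId": 4212, "Image": VBC,
     "DestinationIp": "37.220.87.78", "DestinationPort": "25387"},
    {"EventID": 1, "ProcessId": 5000, "Image": VBC, "ParentImage": MSBUILD},
    {"EventID": 3, "ProcessId": 5000, "Image": VBC,
     "DestinationIp": "10.0.0.5", "DestinationPort": "443"},
    {"EventID": 3, "ProcessId": 6001, "Image": CHROME,
     "DestinationIp": "37.220.87.78", "DestinationPort": "25387"},
    {"EventID": 3, "ProcessId": 4212, "Image": VBC,
     "DestinationIp": "198.51.100.7", "DestinationPort": "80"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"], a["rule"], a["pid"], a.get("dest", a.get("parent")))
```

The build-server vbc.exe (pid 5000) produces nothing, the chrome.exe hit on the C2 address is reported on the IOC alone, and the compiler spawned by the sample is escalated to high only once it contacts the C2. Keying on ProcessId is a simplification; a production rule should key on ProcessGuid.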

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

redline, 25.03, infostealer, spyware
Score
10/10

behavioral22

redline, 25.03, infostealer, spyware
Score
10/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10