General
-
Target
Miner Tool.zip
-
Size
8.3MB
-
Sample
230413-rvpzxadc91
-
MD5
739284f9fe64d558f107f2f2c0a254a2
-
SHA1
d0e0c88a19a66e3174093710f56f37c2a47cafd3
-
SHA256
267611a017bb24a4c7b3231f4c5bd2688265fe0c59a30d3ce463a84cd8d7b76a
-
SHA512
da8c51429b5a5492da650f41d40183788b2419fce63b19ac306d28d75a020775bd1a39803f2d496d20a21d56858f62c3bccc396923b7b0cc08e52d8fb781aee4
-
SSDEEP
196608:+YgTHsK6inpq8+a0Aj4roYxJQ2L/C3OBj9SseBAkmplrRZ+nT:2fQ8/52pLzjQscmplw
Static task
static1
Behavioral task
behavioral1
Sample
Master.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Master.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Microsoft.CodeAnalysis.CSharp.Workspaces.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Microsoft.CodeAnalysis.CSharp.Workspaces.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Microsoft.CodeAnalysis.Workspaces.dll
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Microsoft.CodeAnalysis.Workspaces.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Contracts.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Contracts.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral9
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Core.dll
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Core.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
Microsoft.VisualStudio.Web.CodeGeneration.EntityFrameworkCore.dll
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
Microsoft.VisualStudio.Web.CodeGeneration.EntityFrameworkCore.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Templating.dll
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Templating.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Utils.dll
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
Microsoft.VisualStudio.Web.CodeGeneration.Utils.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
Microsoft.VisualStudio.Web.CodeGeneration.dll
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
Microsoft.VisualStudio.Web.CodeGeneration.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
Microsoft.VisualStudio.Web.CodeGenerators.Mvc.dll
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
Microsoft.VisualStudio.Web.CodeGenerators.Mvc.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
Miner Tool v1.4.0.exe
Resource
win7-20230220-en
Behavioral task
behavioral22
Sample
Miner Tool v1.4.0.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
MinerTool.Views.dll
Resource
win7-20230220-en
Behavioral task
behavioral24
Sample
MinerTool.Views.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
MinerTool.exe
Resource
win7-20230220-en
Behavioral task
behavioral26
Sample
MinerTool.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral27
Sample
Newtonsoft.Json.dll
Resource
win7-20230220-en
Behavioral task
behavioral28
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral29
Sample
NuGet.Frameworks.dll
Resource
win7-20230220-en
Behavioral task
behavioral30
Sample
NuGet.Frameworks.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral31
Sample
SharedSerialization.dll
Resource
win7-20230220-en
Behavioral task
behavioral32
Sample
SharedSerialization.dll
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
25.03
37.220.87.78:25387
-
auth_value
5cfc89aee6c1fd926c66b4cb6c07caa2
Targets
-
-
Target
Master.dll
-
Size
100KB
-
MD5
8193b4b11a9802fa535f892d5c86fc8e
-
SHA1
458afdb5acf64386762d61c559f6058abc8a2666
-
SHA256
013f06d4f6aa119f69b6d4deec12fdef8cb8b6dfb59a61912f09334dbd2bbad7
-
SHA512
9fa36c911c2213a0960097b8f50d337ad49a35b53815cf2964a09717aaf7eec90331f641747b8e407ba231f2073c584e37d67b8b708afddecd8223d267814138
-
SSDEEP
1536:K/mgxiX2xErQgSiVvTuqEKqT11l9IAJZGVe47dnYjjBJbndI3q2rbsQ9gIqivDfG:KbxiAdiohHnXIFTdnYJGa2h9bvDf5wt
Score 1/10
Target
Microsoft.CodeAnalysis.CSharp.Workspaces.dll
-
Size
673KB
-
MD5
e2d321cf74550c9a74c83121bf97853a
-
SHA1
39e95480af04dbadba659f02fee82fbfeb5e0ad4
-
SHA256
db85b7150ed7a68a485e76f37df2699db9868d808bc2d5906586d029977745bd
-
SHA512
949db9956b14c3438c55032cb9004db58adaf28020c0b17f5b60559797237ca691147a199a6277abe1a997c29cb5a895ef38162338c8353b9e026eb3733e9f0c
-
SSDEEP
12288:oltZ+ZD+FIP0KN9nTTj0EelqwR0XSQWpHzbt5MtREbiFPifJsaICL+aPPnDHLLul:oaP0KN9nELJQWVzvJ3ICL+aPPnDHLLul
Score 1/10
Target
Microsoft.CodeAnalysis.Workspaces.dll
-
Size
2.5MB
-
MD5
75668a786f139cc19cafa833ab947139
-
SHA1
e62e34bc8d489455c1236300c744701b7323feb4
-
SHA256
6977a79f315ed53bb749f432608cdd9008e6b30eb3acbcfc21d074d98b4be0fd
-
SHA512
16a6aed3d48d80e01af7543a2b71455d3232d72ca34e2e756f3c838e8df448c218b4177b39636ffd00aae4fb9a7f2d1e1cf2f83e3301748f9588bbe25ea5915d
-
SSDEEP
49152:NzImEdE/ZtxnVaiOcoW+mVg9MAyqUR6K+NIMA+ZJvuotOGE2t8FGsBIA:NzImEdElVaiOv/mVg9MZC8IA
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.Contracts.dll
-
Size
22KB
-
MD5
d261765b9dbcf46a947efff66e4d87b9
-
SHA1
2846f7f4cc58d3030d3f428a1a36e9fe3f595af7
-
SHA256
f16d58aa62e020ec01af3652c4154931a72394fb5d24d3af98481b4f6268b754
-
SHA512
9bf9d8c20c14d758a7974ad57d9c7898f9fb57e17fa9f81ef0be8734ef998e35ffbf28c28b666bf1fbc11aa1703e4adbd25b116a66d6714187a5405b52b9487f
-
SSDEEP
384:0Y6GSsCyPzH67qr/JIHbBPGrrzW+twW3c4HRN7op6sTTXZlOJ:76G9vbXbJIHFaFZBoQsY
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.Core.dll
-
Size
71KB
-
MD5
acfcce6ad9ca4b6200cafa90f3ba7218
-
SHA1
503b3d5e89f083b6713e98aa60ed0c6e5d31eb25
-
SHA256
1db7164e2c622de8cb0ede459b10a288dcdf4fb5a7bdef59449a39aca4f12316
-
SHA512
2f4799866c72cf1cbad528f95124c11786f1cd91c8b4f1301ebe84031404b9f938003a3bba575e1752815dbfb0c4e22f938d3f9d9696122d5282a233e00155c6
-
SSDEEP
1536:FieWfhNFYvPNllXmrzmy3YeNrosA6OlcRBsx:FFkNaNllXSZYeN8Om
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.EntityFrameworkCore.dll
-
Size
67KB
-
MD5
6176c612006ca538881a008a0fdda8c2
-
SHA1
3b58287a5606428d1e6a059618e84cbb9af4e0ee
-
SHA256
4a0b73b22069a2c11c023e1613692167904585bdbf5ae550f0cac298620de3e6
-
SHA512
af34efa4878c8f3859fa8fe42e2a20812ee4268d1b836564976bc2e2359228a6e73689ba66094d479e4e27a91da83e00a0b47fc09540875031714c3f0f768fb5
-
SSDEEP
1536:gHNaDCfRcKFRDwt+rvDLpGdquA/DwHkasYBc:wNaGfRcKXDwOFCA/KYH
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.Templating.dll
-
Size
27KB
-
MD5
044ba500a4a699dd0f632a097a23642b
-
SHA1
60d38de0f7f8d2a5e22e226cc24bddb6ac8824ed
-
SHA256
de7d2844010d0d545876bd719875f43ee8a4bcfba1a1e6903e6fd4796d79ec3c
-
SHA512
f5cb6f524ade578398c4201af51cee570150d8dec45d28c090cada2e3595ccd7be756681b359c574eff5e0dd3625208110cf1aa83da5068ed9fcff559ae82ca1
-
SSDEEP
384:RRFY2N8HkgS0maZWTctSyl8//FGeoY7qqG+oebp97t2CJN9Rm9+ANt7PGsA3Fqz4:FyUN9oYWq1EHipqBiMtQ4k
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.Utils.dll
-
Size
34KB
-
MD5
2f79c25ec227a3cbbadba8b86aa4b983
-
SHA1
bd1037f86ca675761b7cb25696bea73f7416e22b
-
SHA256
3a9fa2a522b0d9469861d868326d9ae859cba82977f01b15d2290fc3bed95822
-
SHA512
8a636fdafba69ad3f99e6aecffcbe6d2a58a4ab928c16a60683134aa9f2774608b7adf677322ffd75a0ca08fa98f5e2da89194c678a3d6199db3588282a28b41
-
SSDEEP
768:WFaft0yiVEbhXh6WB7RwGGxZVkopAROeIWTWYQuoBpg:L0yNL9GxHkoGRO+1QuoB
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGeneration.dll
-
Size
35KB
-
MD5
539e073ceb067af93642ccdd76e40a69
-
SHA1
55b9f7d77bb31f2164b0a6d6b71d4421d8cc79d4
-
SHA256
1e22288e8854428ed9b2ab2b2317ef3b9a5ffd5ac8c62644ba1dfb1926956370
-
SHA512
2257f219f9b4c2fb6ac130ffbad3d746ecbc5d55092f297f0940ab54570badac84136aa0310525aeaea55def19ba32140536b448c713fdffa2a217f58fb9f859
-
SSDEEP
384:ua50h476Z3JoUlJ8DdkZArFbIEuNoivhfpeHrkw1O4jPFGZl4X4HBxuPG0iazWcv:PNUJmTKoZpbg2IhxunH0BuMgz
Score 1/10
Target
Microsoft.VisualStudio.Web.CodeGenerators.Mvc.dll
-
Size
178KB
-
MD5
2b374a087652e178358346aefcae6503
-
SHA1
0d964545a87ccb5fc331fd95b9345a5f721828cb
-
SHA256
796e4dd9648b2909a0f3ec6ee4ecd9bb3d5a97c8db9ee49749cf97f07a5fb50f
-
SHA512
e3f069150d6fab51ed5906c6fc741afeaacba26d247cfdd02b2abc313a3e5710c790351165336310fc4290d18dd3fe59e925306040682a751162ee44839a31b3
-
SSDEEP
1536:OEZrQQRKBfJzVENsnQazH2L6pQ4giF/BnO0NUQvk0kHwMBp2n1xemeIbA1PYBfQ:PrQwK2N2H2L6pQwNBbNUC0wMG1eIbARb
Score 1/10
Target
Miner Tool v1.4.0.exe
-
Size
746.7MB
-
MD5
1507da8516ea70c6b83d8c351dcf2478
-
SHA1
4d976fb0bb770fe9789e2c4275e0d8dddee8333a
-
SHA256
fa8f526f6498f0ecfd179876064cd7b19a66cf39cf07eb994e2aa95ed505bc0e
-
SHA512
80a73ee8950d7046ccdd4fb06332f97ba470fa6a7466b04f56680a401588dd8cea57c4da2d759db1c12b57a01c3995a824ff3fe332435fbd558e07fe3dc6ec4f
-
SSDEEP
49152:WOZM2g29VOD1yQpHfzivSp5vrMtyqvFhbqo4uHBlBcl:PLa1JpzivevrMty8bqozB
Score 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
MinerTool.Views.dll
-
Size
17KB
-
MD5
e3b418b00ebca82244eb6e273efb4337
-
SHA1
300e834ccf5943e1703dd26b7db2d45a84c84d65
-
SHA256
14c2462a07e4c0c20b44bc3cfa056086f617803f961180cd43678870781d61fc
-
SHA512
9f1b69f26feafea0fa45aef45b8453cf68451deee71275dada0b8857009d1792abe84d365bae2e0c33e6050cf96a19a7361f4b60f9f264574f1f9ccc4369efe7
-
SSDEEP
384:x3JMnI1jTqYH4aqWOGD48Dt40i9bEgtSeuhfZIpZr0U:xCQj1La9IhfZIpZrF
Score 1/10
Target
MinerTool.dll
-
Size
40KB
-
MD5
0dfe83136b69ed4a73942bb0c7644b1f
-
SHA1
9acaab2849898baba383bda2f77c1416d12c0ded
-
SHA256
c69fe4b52893fbc88736e942fe1b0ba4b57affaf4b53ab2d52506e50acadecc8
-
SHA512
2cefadf0fb1680ca4adadf4a34771a4071a4e70349f44f01adfc9834e776880e36561e23e8d4c77ff6f2612e0383ccb27d68556c6db4aeed4356df3895319f02
-
SSDEEP
768:lg5/atKE3OcUKctYMeXsmp4d1YTH29bw+e6gfD3uMHovZU4E0pOI:S5/at4YbCd0Hl+Eu/Uupj
Score 3/10
Target
Newtonsoft.Json.dll
-
Size
653KB
-
MD5
b5ccbedf93f9fec636ce9fe8b331712e
-
SHA1
df421230c4e03143c10ed7e8b8687686ab75ba23
-
SHA256
04f79700c4d9291f2927b2e9400f3ec38b28245195d532edd8f3e99e6a4151e1
-
SHA512
017f52814e6ebdfd64d17b1729116303dbcdf4e7b658c398da5900b4cbf9a6a365d72e3f44702cffcd71bc64fbee3b087f71f293e39fc66f8d539bf96da8d837
-
SSDEEP
12288:quX7oLVyEV1vJDCGotndpqlXcJMo10qh3HBdjWUN:qNx3CIqMM0UBdjW8
Score 1/10
Target
NuGet.Frameworks.dll
-
Size
106KB
-
MD5
7212779d5f18755ea60cc192fabbd7d0
-
SHA1
d07a5f1e5555de4e395adfd4975e9561d0731dd9
-
SHA256
9c021fbbdf0c763f5743c010f9634caf36b54224965265ee8dc42c8b538dc180
-
SHA512
9550836c086ef2ae798d0662be117f4a79203ee9020c491af2791c09ca76c5dbb799dbfed86ff8d0188e9c9c8874958005b68605a4dd18606c42f9744a4d1a3a
-
SSDEEP
1536:QmTBX9eQYwolomq74y4aMtkPSRr201BlOfyk4ZVzeMO:QM/oloZMt5xBzju
Score 1/10
Target
SharedSerialization.dll
-
Size
30KB
-
MD5
930963786e4f43df059dca81b667ffdb
-
SHA1
619337dd3f6341af1cb1d3550a06ebd89c5c0ef4
-
SHA256
e3081352a0d002e29cb28d6feef5c0163261f9dddbb0db955e8408e09ac0c1f5
-
SHA512
14f39f2227058c20e2681fa459b5556ce0571b0c9a4d2e8285560b3a51d9a36d0f1d6cf5a87b5ebbcbeb6dc122224f7905624210f9b7ad376cd3d228d45b8002
-
SSDEEP
768:d3PPQ4pmo7nRGUUMFgG8xSPPQJR0FlpVsijX6Qy6/Ghr1eF5xVoWJr:NPPQ4pmo7nRGUUMFgG8xSPPQwV7jYt1u
Score 1/10