General

  • Target: BlenderSetup-3.5.0-win-x64.zip
  • Size: 89.8MB
  • Sample: 230523-s6f2taga22
  • MD5: 5b1603b260a23453afc933bc54925c08
  • SHA1: fe68d730779f5b54c052b207e4a6d35f244b5fa1
  • SHA256: 51b4ab44329a6efe2d4a23d5c4664da236fe08b12728d181c909feddf19eb2dc
  • SHA512: 18d2044195e04eff3a5ebc4ce249633031d1b811d06d75cfa19eadcb4828f9753692ec00b1de015eac7208d3320b0b8d30e0a815b712a8e6db019a1a3128138e
  • SSDEEP: 1572864:J3tbY+firscYCuCr+u5KBYpmWkjbhTKCFL6xBE9L1FKf6nP2sojzLYbE8LGC1:fk+firsCuo75KXWsl1l6E1DY6nP2NDcJ

Score
10/10

Malware Config

Extracted

  • Family: redline
  • C2: 5.42.64.63:19123
  • Attributes
    • auth_value: 2e251a8604620b6ba76520586114b84e

Targets

    • Target: BlenderSetup-3.5.0-win-x64.exe
    • Size: 637.6MB
    • MD5: 443cc79e21eea02b0731b09aa0c58987
    • SHA1: 976078d978f3dc0e5b8476923531aecf3485c078
    • SHA256: 9f00eac23eaa3f569d4320235c814c1abc3a80997acbb537bed2fdb5ffba08e8
    • SHA512: 2d6aa8e8cc46e1fe51c89eb919f5973459e4a0f1b1cf3cdbf5701e2057fd5d8533325e65efde8f2b263df2f7cf414b27680b5c13aa68919ff2e889ba4d3ec714
    • SSDEEP: 1572864:Hcljj7Hs6Hjo0pQI/ALJXuHo9YDvA2zA10srNqr+en3R5yUJsU:H8jjbs6Hj9X/ALJoo9oA21mNi33TL

    Score: 10/10

    Signatures
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks