Overview

Score 10/10

Analysis tasks and per-task scores (from the report's task tabs):

Task                   Platform              Score
Static                 -                     1/10
Setup.exe              windows7-x64          10/10
Setup.exe              windows10-2004-x64    10/10
data/cokl.dll          windows7-x64          1/10
data/cokl.dll          windows10-2004-x64    1/10
data/jre.dll           windows7-x64          1/10
data/jre.dll           windows10-2004-x64    1/10
data/wers.dll          windows7-x64          1/10
data/wers.dll          windows10-2004-x64    1/10
dxsupport_...ic.dll    windows7-x64          1/10
dxsupport_...ic.dll    windows10-2004-x64    1/10
inform.dll             windows7-x64          1/10
inform.dll             windows10-2004-x64    1/10
wers.dll               windows7-x64          1/10
wers.dll               windows10-2004-x64    1/10

General
Target    Setup.rar
Size      206KB
Sample    231119-dfbxvage95
MD5       d6415f417cbe9041b6efbb14e2c4537a
SHA1      a6b9d553124c438483680dd08b206534d8c94083
SHA256    3bb135949a8fd9d074d8e503909f7dfd5295f96aa6f7145a3c3aa02b15000249
SHA512    b899b4776798cbd83c89f9e30cf30c4872b114c7fce842827a0b99fdb66da1e71e3a3b14035f91620f0200d5d531cf61cfddc5da5c18c2176842a472e738f312
SSDEEP    6144:6YNMvF1jdKC1e9IzoMigxkQWMGB27lfQbdZwK:AKNIkdP7MkOlfQbMK
Static task
static1

Behavioral tasks

Task           Sample                    Resource
behavioral1    Setup.exe                 win7-20231023-en
behavioral2    Setup.exe                 win10v2004-20231023-en
behavioral3    data/cokl.dll             win7-20231020-en
behavioral4    data/cokl.dll             win10v2004-20231020-en
behavioral5    data/jre.dll              win7-20231025-en
behavioral6    data/jre.dll              win10v2004-20231020-en
behavioral7    data/wers.dll             win7-20231023-en
behavioral8    data/wers.dll             win10v2004-20231023-en
behavioral9    dxsupport_episodic.dll    win7-20231023-en
behavioral10   dxsupport_episodic.dll    win10v2004-20231020-en
behavioral11   inform.dll                win7-20231020-en
behavioral12   inform.dll                win10v2004-20231025-en
behavioral13   wers.dll                  win7-20231023-en
behavioral14   wers.dll                  win10v2004-20231020-en
Malware Config

Extracted
Family    redline
Botnet    @svberves4
C2        45.15.156.167:80
Targets

Target    Setup.exe
Size      275KB
MD5       914caeec4642d8becc8edfbdc9020ce9
SHA1      d29cf26f88326b12769babcc835fca89631aeb53
SHA256    70d4cfde8899ce4beee159983e7d7d6ce2c08aa2ba4adc98ee47ac8743878e04
SHA512    5a0250c762503180a2b7f06016b77bc52ec7940b740d8a22284bc914edb3f4261c75ab0e71c39f5b70ae70e9676bec6bb292d062f84cc5a4f91bb40915dea4da
SSDEEP    3072:OCmjHS8yuBzlAjeK8SDSTRIeN10clwfC21Rzc7yFWQ3xGrcnSIZYR9cz24lK1:OnxsjeK8Pb1Nlwf51RlUrgm9cFK1
Score     10/10

Signatures
RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
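The signatures above and the extracted C2 are the kind of evidence an analyst re-derives from a Procmon capture when re-running the sample outside the sandbox. The script below is an added example, not code from the report or from the sandbox, that maps Procmon-style events onto those signatures. It assumes the registry keys behind the two registry signatures (the report names only the behaviours): the configured country code lives under HKCU\Control Panel\International\Geo\Nation, and installed software is enumerated from the Uninstall keys. The wallet path fragments and the Procmon CSV lines are constructed for the example and are not a real capture of this sample.

```python
"""Added example: match Procmon-style events to the signatures and C2 listed in this report."""
import csv
import io
from collections import defaultdict

# Indicator from the report's extracted malware config.
REDLINE_C2 = "45.15.156.167:80"

# Assumed registry locations behind the two registry signatures; the report names only
# the behaviours. Geo\Nation holds the configured country (read by .NET RegionInfo),
# and the Uninstall keys are the standard installed-software list.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Assumed wallet-store path fragments (not taken from the report).
WALLET_MARKERS = (r"\Exodus\exodus.wallet", r"\Electrum\wallets", r"\Ethereum\keystore", "wallet.dat")

SIGNATURES = {
    "geofence": "Checks computer location settings",
    "software": "Checks installed software on the system",
    "wallets": "Accesses cryptocurrency files/wallets, possible credential harvesting",
    "c2": "Connects to extracted RedLine C2",
}

# Constructed Procmon CSV export in Procmon's own column layout; not a real capture of this sample.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1011","Setup.exe","2712","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.1320","Setup.exe","2712","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:01:02.1324","Setup.exe","2712","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: Google Chrome"
"10:01:02.1330","Setup.exe","2712","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","NO MORE ENTRIES","Index: 1, Length: 288"
"10:01:02.4100","Setup.exe","2712","CreateFile","C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:03.0050","Setup.exe","2712","TCP Connect","desktop-7a2k1:49721 -> 45.15.156.167:80","SUCCESS","Length: 0, mss: 1460"
"10:01:03.2000","explorer.exe","1604","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:03.4000","svchost.exe","988","TCP Connect","desktop-7a2k1:49730 -> 203.0.113.10:80","SUCCESS","Length: 0, mss: 1460"
'''


def classify_event(operation, path):
    """Return the signature key an event contributes to, or None if it is not of interest."""
    if operation in ("RegOpenKey", "RegQueryValue") and path == GEO_NATION_KEY:
        return "geofence"
    if operation in ("RegOpenKey", "RegEnumKey", "RegQueryValue") and path.startswith(UNINSTALL_KEYS):
        return "software"
    if operation in ("CreateFile", "QueryDirectory") and any(m.lower() in path.lower() for m in WALLET_MARKERS):
        return "wallets"
    if operation == "TCP Connect" and path.endswith(" -> " + REDLINE_C2):
        return "c2"
    return None


def triage(csv_text):
    """Signature names observed per (process name, PID), as sorted lists."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = classify_event(row["Operation"], row["Path"])
        if key is not None:
            hits[(row["Process Name"], int(row["PID"]))].add(SIGNATURES[key])
    return {proc: sorted(sigs) for proc, sigs in hits.items()}


def redline_candidates(findings):
    """Processes that reached the extracted C2 and also showed at least one host-side stealer behaviour.
    A lone country-code read is not enough: explorer.exe and other locale-aware software read it too."""
    return sorted(proc for proc, sigs in findings.items()
                  if SIGNATURES["c2"] in sigs and len(sigs) > 1)


if __name__ == "__main__":
    findings = triage(SAMPLE_CSV)
    for proc, sigs in sorted(findings.items()):
        print(proc, sigs)
    print("RedLine candidates:", redline_candidates(findings))
```

Running it against the constructed capture attributes all four behaviours to Setup.exe (PID 2712) and only the country-code read to explorer.exe, which is why redline_candidates() requires the C2 contact plus at least one further host-side signal before naming a process.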
Target    data/cokl.dll
Size      293.4MB
MD5       99163c0d836ab3ace9001c1feb8ae4dc
SHA1      a60f9d9defd233de381fa2010ca2ed5b8688e043
SHA256    564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc
SHA512    d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a
SSDEEP    12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n
Score     1/10
Target    data/jre.dll
Size      293.4MB
MD5       99163c0d836ab3ace9001c1feb8ae4dc
SHA1      a60f9d9defd233de381fa2010ca2ed5b8688e043
SHA256    564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc
SHA512    d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a
SSDEEP    12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n
Score     1/10
Target    data/wers.dll
Size      123.9MB
MD5       9b2e2a36fe94f9b33c1e787b949ec402
SHA1      1acbc06ed85a340ccaf91520f378d652ff4e5796
SHA256    98d04d874c35b6ec8c6df774ec1d672b3b5e29fc264f42abbb1cb47a1143cab3
SHA512    6555f9b256c9393b9fdd9fb99cfcbbcb057404d1f754f93bc2de236f3277fea9253b526ad8e97047738776df6a255dda8071206bf811986bda0648ba35b696bb
SSDEEP    12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRW:X
Score     1/10
Target    dxsupport_episodic.dll
Size      10.3MB
MD5       26314302a85c3190f0c059aa386c5bbf
SHA1      3c0bdef6fb521ff4d1647a807489c271c86e4b93
SHA256    e897efb99efb9987bfec5dceafab6b8a88a1ed78735925f6a8b72366691af865
SHA512    60f4ec429abaf386e3892ad45c51d0e530a48a709991c290d00309ac9b34d93f6196c8a4b67fa46c3851ccfaa4c2c18900fa85585edb59d14cef9ccf0b5d42c2
SSDEEP    12:EZRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRQ:EQ
Score     1/10
Target    inform.dll
Size      6.7MB
MD5       b2a2ac5c8d7ab1e64f92049ac6b620b5
SHA1      e18793cc01c8206bb3095b0cc93d41a6e5239253
SHA256    d5e180bd44b78907fd57c04b4a8185dba0892ec1fc3702202a06333067a92a46
SHA512    2ed6c5f52235f857a379be03343fd617d510ffbb9772d5c51219fd020a296e66234d6966e1e579fe07a7f49c9182b83e65c866ca96bb3f1332532453a346d978
SSDEEP    12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRm:3
Score     1/10
Target    wers.dll
Size      293.4MB
MD5       99163c0d836ab3ace9001c1feb8ae4dc
SHA1      a60f9d9defd233de381fa2010ca2ed5b8688e043
SHA256    564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc
SHA512    d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a
SSDEEP    12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n
Score     1/10

Note on the DLLs: data/cokl.dll, data/jre.dll and wers.dll have identical size and hashes, so the archive carries one 293.4MB file under three names. All five DLLs also have SSDEEP signatures that collapsed to block size 12 with a single repeated character, which is what ssdeep produces for content that is almost entirely one repeated byte value. Read together with their 1/10 scores and absence of signatures, the DLLs look like size padding (a common way to keep an archive above the upload limits of online scanners) rather than functional libraries; the 275KB Setup.exe is the only component that does anything.
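The per-target blocks above are mostly hashes and sizes, and the interesting findings in them (three names for one file, five multi-megabyte DLLs whose SSDEEP signatures collapsed to a single repeated character) only appear once the files are compared. The script below is an added example, not code from the report or the sandbox, that reproduces that comparison for an extracted archive: one pass per file computes size, SHA256, Shannon entropy and the share of the most common byte, then byte-identical files are grouped and near-uniform files flagged. The input tree is constructed in a temp directory for the example (a small random file plus header-and-padding "DLLs" named after the report's targets); it is not the real sample set.

```python
"""Added example: inspect the files of an extracted archive the way the target blocks above do."""
import hashlib
import math
import os
import random
import tempfile
from collections import Counter, defaultdict


def inspect_file(path, chunk_size=1 << 20):
    """Single pass: size, SHA256, Shannon entropy in bits per byte and the share of the most common byte value."""
    sha256 = hashlib.sha256()
    counts = Counter()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            counts.update(chunk)  # counts byte values 0..255
            size += len(chunk)
    entropy = -sum(n / size * math.log2(n / size) for n in counts.values()) if size else 0.0
    top_fraction = max(counts.values()) / size if size else 0.0
    return {"size": size, "sha256": sha256.hexdigest(),
            "entropy": round(entropy, 3), "top_byte_fraction": round(top_fraction, 3)}


def analyze_tree(root):
    """Inspect every file under root; 'rel' is the archive-relative path with forward slashes."""
    reports = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reports.append({"rel": rel, **inspect_file(full)})
    return sorted(reports, key=lambda r: r["rel"])


def duplicate_groups(reports):
    """Byte-identical files grouped by SHA256, like data/cokl.dll, data/jre.dll and wers.dll above."""
    by_hash = defaultdict(list)
    for r in reports:
        by_hash[r["sha256"]].append(r["rel"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def padded_files(reports, min_top_fraction=0.9):
    """Files dominated by a single byte value: the content profile behind the collapsed SSDEEP signatures above."""
    return sorted(r["rel"] for r in reports if r["top_byte_fraction"] >= min_top_fraction)


def build_sample_tree():
    """Constructed stand-in for the extracted archive, written to a temp directory. Not the real samples:
    one small high-entropy file and four 'DLLs' that are a short header followed by one repeated byte."""
    root = tempfile.mkdtemp(prefix="triage-example-")
    os.makedirs(os.path.join(root, "data"))
    rng = random.Random(20231119)
    busy = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    padded = b"MZ" + bytes(range(256)) + b"\x52" * (1 << 20)
    files = {
        "Setup.exe": busy,
        "data/cokl.dll": padded,
        "data/jre.dll": padded,
        "wers.dll": padded,
        "inform.dll": b"MZ" + b"\x00" * (1 << 20),
    }
    for rel, blob in files.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(blob)
    return root


if __name__ == "__main__":
    reports = analyze_tree(build_sample_tree())
    for r in reports:
        print(f"{r['rel']:<16} {r['size']:>9} B  entropy={r['entropy']:.3f}  "
              f"top_byte={r['top_byte_fraction']:.3f}  {r['sha256'][:16]}")
    print("identical:", duplicate_groups(reports))
    print("padded   :", padded_files(reports))
```

On the constructed tree the random Setup.exe stand-in scores close to 8 bits/byte, the padded files close to 0 with a top-byte share of about 1.0, and duplicate_groups() returns the one hash shared by data/cokl.dll, data/jre.dll and wers.dll. Pointing analyze_tree() at a real extraction directory gives the same columns for the actual archive.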