Overview
overview: score 10
Static
static: score 3
Software_1.30.1.rar: windows7-x64 score 3, windows10-2004-x64 score 7
Debug/Addition.dll: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/Autoupdater.ini: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/Cracker.dll: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/DebugPPF.tmp: windows7-x64 score 3, windows10-2004-x64 score 3
Debug/DebugPPT.tmp: windows7-x64 score 3, windows10-2004-x64 score 3
Debug/Helper.dll: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/Management.log: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/Resource.dll: windows7-x64 score 1, windows10-2004-x64 score 1
Debug/main.ini: windows7-x64 score 1, windows10-2004-x64 score 1
Language.pimx: windows7-x64 score 3, windows10-2004-x64 score 3
Main.ini: windows7-x64 score 1, windows10-2004-x64 score 1
Packaged/Main.xml: windows7-x64 score 1, windows10-2004-x64 score 1
Packaged/Resource.dll: windows7-x64 score 1, windows10-2004-x64 score 1
Packaged/Utils.xml: windows7-x64 score 1, windows10-2004-x64 score 1
Software_1.30.1.exe: windows7-x64 score 10, windows10-2004-x64 score 10

General
-
Target
Software_1.30.1.rar
-
Size
11.1MB
-
Sample
240426-l7wekaeb2v
-
MD5
b01a45f46effe0887fd0dff6646894e0
-
SHA1
fa0d2e746c981822fd8c4d7811b1e9d9ad3b64f0
-
SHA256
739d8e382768ca1c159c50425bc7773bc2e7e3d91705fc41d3b32035b2811daa
-
SHA512
9f469c1836645c48e56463811d8461e4de228a7273661c863148ff619f46a16ec7b2408301ddbde6da9765b7b3a4cf4893ff01fa23da6fb29b7596d0765e0ce4
-
SSDEEP
196608:hfxMUYzzZA9Ron9nEqNHuvwcf4KFSJTCiHD3iXEifbaRfnqhU2koVS3Qj7CmH:fMUmAI9nEqNOvwcf47JTJHLi0idhQK9
Static task static1
Behavioral task behavioral1: sample Software_1.30.1.rar, resource win7-20240221-en
Behavioral task behavioral2: sample Software_1.30.1.rar, resource win10v2004-20240226-en
Behavioral task behavioral3: sample Debug/Addition.dll, resource win7-20240221-en
Behavioral task behavioral4: sample Debug/Addition.dll, resource win10v2004-20240412-en
Behavioral task behavioral5: sample Debug/Autoupdater.ini, resource win7-20240221-en
Behavioral task behavioral6: sample Debug/Autoupdater.ini, resource win10v2004-20240226-en
Behavioral task behavioral7: sample Debug/Cracker.dll, resource win7-20231129-en
Behavioral task behavioral8: sample Debug/Cracker.dll, resource win10v2004-20240412-en
Behavioral task behavioral9: sample Debug/DebugPPF.tmp, resource win7-20240221-en
Behavioral task behavioral10: sample Debug/DebugPPF.tmp, resource win10v2004-20240412-en
Behavioral task behavioral11: sample Debug/DebugPPT.tmp, resource win7-20240220-en
Behavioral task behavioral12: sample Debug/DebugPPT.tmp, resource win10v2004-20240412-en
Behavioral task behavioral13: sample Debug/Helper.dll, resource win7-20240221-en
Behavioral task behavioral14: sample Debug/Helper.dll, resource win10v2004-20240412-en
Behavioral task behavioral15: sample Debug/Management.log, resource win7-20231129-en
Behavioral task behavioral16: sample Debug/Management.log, resource win10v2004-20240412-en
Behavioral task behavioral17: sample Debug/Resource.dll, resource win7-20240221-en
Behavioral task behavioral18: sample Debug/Resource.dll, resource win10v2004-20240226-en
Behavioral task behavioral19: sample Debug/main.ini, resource win7-20240220-en
Behavioral task behavioral20: sample Debug/main.ini, resource win10v2004-20240412-en
Behavioral task behavioral21: sample Language.pimx, resource win7-20240221-en
Behavioral task behavioral22: sample Language.pimx, resource win10v2004-20240412-en
Behavioral task behavioral23: sample Main.ini, resource win7-20231129-en
Behavioral task behavioral24: sample Main.ini, resource win10v2004-20240412-en
Behavioral task behavioral25: sample Packaged/Main.xml, resource win7-20240221-en
Behavioral task behavioral26: sample Packaged/Main.xml, resource win10v2004-20240412-en
Behavioral task behavioral27: sample Packaged/Resource.dll, resource win7-20240221-en
Behavioral task behavioral28: sample Packaged/Resource.dll, resource win10v2004-20240412-en
Behavioral task behavioral29: sample Packaged/Utils.xml, resource win7-20240221-en
Behavioral task behavioral30: sample Packaged/Utils.xml, resource win10v2004-20240412-en
Behavioral task behavioral31: sample Software_1.30.1.exe, resource win7-20240221-en
Behavioral task behavioral32: sample Software_1.30.1.exe, resource win10v2004-20240412-en

Malware Config
Targets
-
-
Target
Software_1.30.1.rar
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

-
Target
Debug/Addition.dll
-
Size
30KB
-
MD5
f22e849a370cdf127f48beab596bdd81
-
SHA1
fb1da47c7a246f2cda7f7686a468efafd9933b1e
-
SHA256
8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
-
SHA512
6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
-
SSDEEP
768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score: 1/10

-
Target
Debug/Autoupdater.ini
-
Size
5KB
-
MD5
f78b8f3d265b4e9a706ed0aae70bdf9c
-
SHA1
6d73ad3954fd8fda80911071efca1910fd2d0a3d
-
SHA256
dcae62d049c4dd496effab6f02220bc270c6c098ebb55a5a6e55fbafad2974d2
-
SHA512
c44887c08d1239969aaf9934921f1a7341b87faded169136fcc0539d62de3104ecec0e3ac7a28eb3135cb449f58310b49f868963b64b920210d1c55104e7e7cb
-
SSDEEP
48:K3Px9Vz69T0oXIGXTWGXsP9JEX98TNx9P8k9zZ8G958d8lx9Vz69T0oXIGXTWGXe:FvTlEGvTlUOy
Score: 1/10

-
Target
Debug/Cracker.dll
-
Size
56KB
-
MD5
404aacc737a9d30147d30cee6be0abba
-
SHA1
5f49b9197d73b53eb3473c80a6f25dc068421baf
-
SHA256
3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
-
SHA512
eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
-
SSDEEP
384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score: 1/10

-
Target
Debug/DebugPPF.tmp
-
Size
11KB
-
MD5
b1e68fabd5c19aaa21de6351554aae2e
-
SHA1
66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8
-
SHA256
63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca
-
SHA512
6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd
-
SSDEEP
192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S
Score: 3/10

-
Target
Debug/DebugPPT.tmp
-
Size
11KB
-
MD5
4969578a5fd8d113ab7783812849c1ed
-
SHA1
580f84362a74337b2ed25bd58700e9a002e51bc9
-
SHA256
9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0
-
SHA512
49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef
-
SSDEEP
192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ
Score: 3/10

-
Target
Debug/Helper.dll
-
Size
189B
-
MD5
9bb9aba5dd893bbccfa45e2d75d55d26
-
SHA1
5714796513341ac3159a6a3c23d4769209063d35
-
SHA256
6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
-
SHA512
f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score: 1/10

-
Target
Debug/Management.log
-
Size
8KB
-
MD5
ff765d6581fe6568aaae19de239b2e7a
-
SHA1
78b09b0ce2e59ce87f65251ea903842c1c77046a
-
SHA256
4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc
-
SHA512
8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e
-
SSDEEP
192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a
Score: 1/10

-
Target
Debug/Resource.dll
-
Size
10.7MB
-
MD5
641dadbb3f03938da99bf7c6c4cc482f
-
SHA1
b21bdb69a17642ade8e62fcbd779ff1bc89ea809
-
SHA256
883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
-
SHA512
7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
-
SSDEEP
196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score: 1/10

-
Target
Debug/main.ini
-
Size
4KB
-
MD5
d2e799c6b2467a0a4aeb0cba508e8a30
-
SHA1
349e50e830cca26b03a0e32bac1f9045a72eb406
-
SHA256
d3d79eda930253d1ad388f60a56775f7d6bff80ce5a4e07c812d7d338fc93593
-
SHA512
f1d14875a6379b450eb5dc2513a1791ec65a6fb237db94a74621c70ca5d579428b7cded35ce3bece884faaabca4f0705de73fb5cc8b2d60be995b2be66cb20c2
-
SSDEEP
96:38acVNxLPdLB3fhvKSEnQRkB6Ip1ImmoM:38xxzd93fASEnNIy1ImmoM
Score: 1/10

-
Target
Language.pimx
-
Size
22KB
-
MD5
01fbf905f95578b7c2eb370d5bd867b6
-
SHA1
6688f78f5afba9bbabca1a398371c063f67447c2
-
SHA256
a17506a018994501e0cf6847ceee97f7cd9ffcffc48b256d180175256ff5c0f7
-
SHA512
321c7c325dd886f7a154e7aed21b5e8789cd3ec28a0dd87ade8702524857fb2ff271fca16833f2d393ce9ca45cb6b0b87470357ace1bf49d65e7e0efdf423aa5
-
SSDEEP
384:ntMbm75pVUbnVhU9PFfRYzF66ZfxjUyy9FeQ3Np:ntMIInrU9PBRR6ZfxOX
Score: 3/10

-
Target
Main.ini
-
Size
24KB
-
MD5
5bf4353d089309e57865ba86d4199004
-
SHA1
e2871968fc1aa99c821209f817a94b05b7b7a7f3
-
SHA256
96088d93be0c39001e87b5647bc8ffdef684a90fa02f0f91d430248f7c3415e2
-
SHA512
c8489b85c75cacc54535538736d75ab2a2fd60d29b764906fe7acbc26d9887515f5c316b9e2543b9511ffc348fcd88f5e01e4f1baaf9c5ecfb8a95061e12c4ed
-
SSDEEP
384:az91NaxrAlW10wt+CJgSz8/YK3uOvxtNhymeIbi2OrFc:az91NaxOCJgkRK3zvxtNN
Score: 1/10

-
Target
Packaged/Main.ini
-
Size
1KB
-
MD5
7b53ebd64e5781e02eaefb6739a6b556
-
SHA1
d5332b200cf5dcea0419afdb66a15d89b9eb619f
-
SHA256
b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
-
SHA512
c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score: 1/10

-
Target
Packaged/Resource.dll
-
Size
189B
-
MD5
4427aeee68321d0f4d7befa74e669f83
-
SHA1
4670003762a1c217c9e8ea48fcc53f2871a7c341
-
SHA256
a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
-
SHA512
9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score: 1/10

-
Target
Packaged/Utils.dll
-
Size
1KB
-
MD5
73e051427246dd4ca45935b1a4bd7e2d
-
SHA1
7216f05041252f1c3a9d84aacdf84ef62f1a1045
-
SHA256
b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
-
SHA512
3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score: 1/10

-
Target
Software_1.30.1.exe
-
Size
459KB
-
MD5
1502131d8e2862b1c4c8c32460d5a471
-
SHA1
661c7dbfffa6c8a03df60e6f9daf1dcfaf9b1591
-
SHA256
f5c5b3ecadf87600083fa78130c7c046405e542c878a86a144626286dd857349
-
SHA512
87088e55f5a0fb586771ca0bded9649e790393646036579ebf29ed051af706f24516c261a9a4365d84c675aa8f75b277ccf58eda9a86bd67eb2f1c9edfdb5f4b
-
SSDEEP
12288:P4J4ZH65jJnZ0iQaNJI0pqIRWqsfedoM/Sk2+JEXRa:w4ZGnhDVqXqsWaM/dbGB
Score: 10/10
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext