General

  • Target

    pengg (1).rar

  • Size

    12.4MB

  • Sample

    240514-zphmmsfh5z

  • MD5

    0324e4e45420808253bdf82ec0a823d9

  • SHA1

    a4ebebcc310c6bcfa0157422ae43feaf991ac331

  • SHA256

    aba59da0c190f10f3c890dd1dfc9e1c19ffc1d2d068410fbb939737e454688a4

  • SHA512

    2ade9e1c4db4e780085093f428a8a558e517c54f871b1628051480c9eef98aca862797373f38869a7f1d9fbf9698990484c373f9eb8859e108db8deffbdef6df

  • SSDEEP

    12288:F5x5PFiZiDt3YWVXWdRzgpzjagSmT7Fmff6Grudk1Fw6fbIsWJ2:F5x59c83XWdqpfayIff6GqV61

Malware Config

Extracted

  • Family

    redline

  • C2

    194.26.232.43:20746

Targets

    • Target

      pengisv/Injector.exe

    • Size

      841KB

    • MD5

      b113174ef077e9c8373138c40f4032f7

    • SHA1

      0a1f36698e6d21112e2c48d94d01e71d93f14373

    • SHA256

      b22391d8bfd203925a7bc7eb4385580faf8d44fba523d5b19fe36d0e8158df1d

    • SHA512

      bbcf9775928df3a02988b4932490c6eccc78f4fbb9781ea64860c28ed61f02fa56430877a20b7256f3f43931efd3725a668408193b792eb1710caa7c6b57beed

    • SSDEEP

      12288:fyiakxd9ZdcZqiSkhT8J0eAG06CGmo9rPamFkIVVB1wpjebvxgFdcEO2b3hfpRWg:Kifxd3WqiSka6eAL67j

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      pengisv/bocchisr.dll

    • Size

      463KB

    • MD5

      834e859f320d4ee0b0ab1726093eea4a

    • SHA1

      fbfbebd91fe3277a068c94dba53586aae91267dc

    • SHA256

      6521d2c34a637f6563241d3784dae6f63480dbd64757063e02a741649837b680

    • SHA512

      8ca6146513d5627117565894c39fe56abf0c744b299096b6aa0c64b563e8c6437bf08480a50baaaa46eb4c0d646b59477feab15c32364fb35ca6c18714c6aae7

    • SSDEEP

      12288:AlcP+hdhOfATj9F7aKH+QLA4smLiRF0xn2g0AT:AymZOfAtF7aKYDqE0xn2Ji

    • Score

      1/10

    • Target

      pengisv/ced3d9hook64.dll

    • Size

      50.1MB

    • MD5

      b525bf3b4a748b5ab834ab0f6d394d75

    • SHA1

      d1cedc0326929379e253ebab35296ecd4100c0db

    • SHA256

      42a8aff82777d003b7a2a438bfd506367e1a3de6ee591f1c3935d3e32d5c4e0c

    • SHA512

      cbe70517ea00e278df0f6378d2844df52b513c9d5164409cab166f73ba29d7722a63856b8d318b1f5d690d52e1df9156e00c151dd1011886df70e50da13a2817

    • SSDEEP

      3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks