General
- Target: pengg (1).rar
- Size: 12.4MB
- Sample: 240514-zphmmsfh5z
- MD5: 0324e4e45420808253bdf82ec0a823d9
- SHA1: a4ebebcc310c6bcfa0157422ae43feaf991ac331
- SHA256: aba59da0c190f10f3c890dd1dfc9e1c19ffc1d2d068410fbb939737e454688a4
- SHA512: 2ade9e1c4db4e780085093f428a8a558e517c54f871b1628051480c9eef98aca862797373f38869a7f1d9fbf9698990484c373f9eb8859e108db8deffbdef6df
- SSDEEP: 12288:F5x5PFiZiDt3YWVXWdRzgpzjagSmT7Fmff6Grudk1Fw6fbIsWJ2:F5x59c83XWdqpfayIff6GqV61
Static task
- static1

Behavioral tasks
- behavioral1: Sample pengisv/Injector.exe, Resource win7-20240221-en
- behavioral2: Sample pengisv/Injector.exe, Resource win10v2004-20240508-en
- behavioral3: Sample pengisv/bocchisr.dll, Resource win7-20240215-en
- behavioral4: Sample pengisv/bocchisr.dll, Resource win10v2004-20240426-en
- behavioral5: Sample pengisv/ced3d9hook64.dll, Resource win7-20240508-en
- behavioral6: Sample pengisv/ced3d9hook64.dll, Resource win10v2004-20240426-en
Malware Config
- Extracted: redline
- 194.26.232.43:20746
Targets

Target: pengisv/Injector.exe
- Size: 841KB
- MD5: b113174ef077e9c8373138c40f4032f7
- SHA1: 0a1f36698e6d21112e2c48d94d01e71d93f14373
- SHA256: b22391d8bfd203925a7bc7eb4385580faf8d44fba523d5b19fe36d0e8158df1d
- SHA512: bbcf9775928df3a02988b4932490c6eccc78f4fbb9781ea64860c28ed61f02fa56430877a20b7256f3f43931efd3725a668408193b792eb1710caa7c6b57beed
- SSDEEP: 12288:fyiakxd9ZdcZqiSkhT8J0eAG06CGmo9rPamFkIVVB1wpjebvxgFdcEO2b3hfpRWg:Kifxd3WqiSka6eAL67j
- Score: 10/10

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
Target: pengisv/bocchisr.dll
- Size: 463KB
- MD5: 834e859f320d4ee0b0ab1726093eea4a
- SHA1: fbfbebd91fe3277a068c94dba53586aae91267dc
- SHA256: 6521d2c34a637f6563241d3784dae6f63480dbd64757063e02a741649837b680
- SHA512: 8ca6146513d5627117565894c39fe56abf0c744b299096b6aa0c64b563e8c6437bf08480a50baaaa46eb4c0d646b59477feab15c32364fb35ca6c18714c6aae7
- SSDEEP: 12288:AlcP+hdhOfATj9F7aKH+QLA4smLiRF0xn2g0AT:AymZOfAtF7aKYDqE0xn2Ji
- Score: 1/10
Target: pengisv/ced3d9hook64.dll
- Size: 50.1MB
- MD5: b525bf3b4a748b5ab834ab0f6d394d75
- SHA1: d1cedc0326929379e253ebab35296ecd4100c0db
- SHA256: 42a8aff82777d003b7a2a438bfd506367e1a3de6ee591f1c3935d3e32d5c4e0c
- SHA512: cbe70517ea00e278df0f6378d2844df52b513c9d5164409cab166f73ba29d7722a63856b8d318b1f5d690d52e1df9156e00c151dd1011886df70e50da13a2817
- SSDEEP: 3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
- Score: 1/10