Resubmissions

21/01/2025, 08:24

250121-ka7wnavmhr 10

12/06/2024, 04:32

240612-e6ft6a1cmr 10

General

  • Target

    MultiHack v1.7.zip

  • Size

    3.7MB

  • Sample

    240612-e6ft6a1cmr

  • MD5

    8f23df152d21164e65c9ec0075438092

  • SHA1

    d7da33a9562eff23285b9c3c03663f7d486a8cfd

  • SHA256

    9e5350ebbbe71cde0e195735289355187d11af0ce0b625cb16ded5f0f3b98744

  • SHA512

    c3be73b3d9fd59c4db5155afaa47beb36903fa8c0680f25f1ebd7ffc067aa7b78b9358deba96de95fde1725b2bb10bebd71221dd097a976556dfad9a3b14af0a

  • SSDEEP

    98304:WOMjLhIEsDwTDhjgUqLGEjYOjS6qmRsjOmdYS01jjMT:NMjdIZER+SGsjf0BjC

Malware Config

Extracted

Family

redline

Botnet

@bloodyrain12

C2

147.45.47.93:80

Targets

    • Target

      MultiHack v1.7.zip

    • Size

      3.7MB

    • MD5

      8f23df152d21164e65c9ec0075438092

    • SHA1

      d7da33a9562eff23285b9c3c03663f7d486a8cfd

    • SHA256

      9e5350ebbbe71cde0e195735289355187d11af0ce0b625cb16ded5f0f3b98744

    • SHA512

      c3be73b3d9fd59c4db5155afaa47beb36903fa8c0680f25f1ebd7ffc067aa7b78b9358deba96de95fde1725b2bb10bebd71221dd097a976556dfad9a3b14af0a

    • SSDEEP

      98304:WOMjLhIEsDwTDhjgUqLGEjYOjS6qmRsjOmdYS01jjMT:NMjdIZER+SGsjf0BjC

    Score
    1/10

    • Target

      MultiHack v1.7/Loader.exe

    • Size

      613KB

    • MD5

      eaf135289c47813fb42ca5c8725a318c

    • SHA1

      b10df8a1ed28477738aa49d13075ae379cee59e4

    • SHA256

      d32338a207e0c9389388cebeb45abe709e4dc6fe02d0f8267b478fd2cfeb1760

    • SHA512

      c9288aee9876d006ce998753785982c086382ecbfaecb0f6fca7e445ce0f42efe3375771e0d9211f3dadcf09476c607584c09038dd970c325cc1d314ccc0abed

    • SSDEEP

      12288:k55CP3Izb3vmJxMtTCGpZo0kidUBHZ2MErqp4tv/D7YmvDeDidYA7j//GrzS3emc:kqPIHmKTCGDoT

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    • Target

      MultiHack v1.7/README.txt

    • Size

      593B

    • MD5

      56ac5cfa302606d805191effada66a16

    • SHA1

      0b79424881154ce74ca5b5aeb217cc302425b1fc

    • SHA256

      6d816df54c5d2be2396257bf3fbe345a10fafe78766e13b727f49e09793d66eb

    • SHA512

      c28905e539adf0d471d7ac8bfb8bf887f179160c15f41880f55d8b0bd4ecf35238e70fd7f9484371b78c796447a46186210710f33f24360896cc292a76b7c160

    Score
    1/10

    • Target

      MultiHack v1.7/jvm.cfg

    • Size

      4KB

    • MD5

      e9da54c707da4e8ab2306b9f7c5f30ae

    • SHA1

      f229561832df50b9b2bbea74c7234423d9e0a61f

    • SHA256

      76c6dedcc8f51e80c08b8bead23af8168ffa0de26c57e546cefff2f4cf318bcb

    • SHA512

      d1be773d908e4eb1cdb34a3d4b9a4b2c179026711893f81cbbbeb0571388f5d44b0ade12c351e4f81439a7afd5dbfe1445d1bdd142c4c31ccf4d1ddb6ad45931

    • SSDEEP

      96:si28cXGJMpOMRVF4U6Awknpwuwjv3EgYWb8hsqWPMWMrEWBnKvTgWTWekqP3sA7L:pch/K

    Score
    3/10

    • Target

      MultiHack v1.7/scripts/actbusy.txt

    • Size

      15KB

    • MD5

      d763b32d55c33aaa35d84b585a53a379

    • SHA1

      3dc086805ff3c4599e45abd6784280437ac67fea

    • SHA256

      afd4677654c86372826ac4be0e41c48c33abdbab72a709e1f476c34abc52f82d

    • SHA512

      1276a7c16d1bf751c8289030bd0a5340758022b77232b785872f86dcd6f2b6c0b7ed77e30904731bc7563ed23c9d44e9a8fa47e6b442942d300dca6f8a97c65c

    • SSDEEP

      96:sHk6/2MMr2xb+LN1yxaeky2ySutP3dvZ26UCN/OCOgM40kAvpOi3HUbAU/2CxGE/:6V02b+LWx5tP3dvDN/Z5jxGEqxKroe

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/actremap.txt

    • Size

      4KB

    • MD5

      f83aee55b22442f691bc778dc8098f63

    • SHA1

      bd6ddb194c4f8085c1cf7a1319bf9d11c041e7da

    • SHA256

      c2b67cfac752e75a79cfcfc72443bf7056f7e769489f638963788dd2215c549c

    • SHA512

      dad3a988fe85414888061c16c78dcbce275161d8898c13e12a10db907037b9ee67e0f17c3e994b201e7b5cea88f474e418332630a8c521b54c79fb72189178c3

    • SSDEEP

      96:0Ha6jb1v46FeqqJbKPJuZLJBKLJYq9JfJNOAOpqZJLJ1OkOw:b6X1VWJbKPJSJBKLJVJfJNOAOkJLJ1O8

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/audio_options.txt

    • Size

      4KB

    • MD5

      d9f440fb788a0c9d29f4e4d1e7a0313a

    • SHA1

      0f4c2b123b62727c2acf64a3bdd18581d078e000

    • SHA256

      f379f2f36476831900d165eba21514d0c3fdba1a15c7306bade0c7d4ff44bcd2

    • SHA512

      5d86a9743d1a630f84b4c932e62e13665a20d43d16709d00e64f4e6f5d35f273436165d0bf239986e27dafcd32eb926e7b3ddde269df3f929ecd6b8117f88dee

    • SSDEEP

      96:GQ+lBQ+0y+Gqy+Oyy+9y+iy+Ry+Py+2h6y+ky+U:s9yhe

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/bonus_maps_manifest.txt

    • Size

      43B

    • MD5

      202c4a9d2d9aca6da3676c9e54b5e2b7

    • SHA1

      81a2af1ced9353891d9df68b79650c62ce0f03b4

    • SHA256

      7ceabfaf88ce7a25fb60adff6eef71cd9ab66cb5984c0d2d510318d493b8e61c

    • SHA512

      8a71d84c64ed0e17ea2b1f99dc7d338ca24db5429594bc128b0c46543b2aa7246ddbdc53f61fd6af6020c801b754f51cf96054f7e8f6cc6a1d6970f247e41c87

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/bugreporter_defaults.txt

    • Size

      19B

    • MD5

      ccb652b81adfaba6974e3887b3df800e

    • SHA1

      c25c4857ff14fb3b73462a3e04b3daa6286c3564

    • SHA256

      2cb6de377ded7f799694df38f83c446d1fd41e61d6eb6f16008072ebd4933448

    • SHA512

      0939cf2a1d749bf34ea34a1ea23da0c05e6724b40d00cf7451fbfbf101a69f1a9dc39652a85cd6c3b3dfdbcc580cda83896c16ba50e6fdd8156e8f0ba88af27a

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/chapterbackgrounds.txt

    • Size

      37B

    • MD5

      1e81f5e15466f87fcf870f75080612ee

    • SHA1

      71b506dcd9c01947203cef8ccb7095b97f35dce8

    • SHA256

      9bbedd3e085bfe5c469a54f732589813ed6af1d05b64f1bf08fcb0fb90c52dc4

    • SHA512

      c850f84f453c0fa748c929873a1d23f74856b52bcae15cca82577a42f42bb437cd9a59c48a51c0e24544fb29e2968d1f02e534cca76cb3d2a0151fc70ac1b22b

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/clientmenu.txt

    • Size

      6KB

    • MD5

      d80932b6bb50903f23b5a4efdcbf41f3

    • SHA1

      5a4691830d5eade69feb0c94f0d3adbbd56873c5

    • SHA256

      dd775b8bf839a2be6e8c62be9effde60b6788b980001bf20a5655acfb53e6ac4

    • SHA512

      4b3dbc0ce19d943ca82dccb06f865caddc81edd223becf13aca503a14e3a7df7982ed2e819414bbf2ae4e60acf599fe9f6c827161bd9773a9da29364131efa55

    • SSDEEP

      96:h9x0KtKLJoAyxcJx3z0Mb6vlAlilylrcEQw3RQdQCQz3N/3f:LK9oAyxcJx3R6qcE/3Rc3U3Nff

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/controller_options.txt

    • Size

      6KB

    • MD5

      a300f751268f4b5245852bbffef58ee3

    • SHA1

      fa4e46b1bb102f1829718a117178fb276af711c5

    • SHA256

      828a5fb1b7677e40f6bfbf613e5b6e90cf6a3baf051caa7ffceb64f61ff7754b

    • SHA512

      68ff02e38a447010b1458dd6fd996090fd2e2b68c2406b1da8c99114c5251803c5cc31e6e0d3f93a3e4f20c73acda0ab7e9d14ade066acb6264b5ecc06017c9a

    • SSDEEP

      48:bngsJsVvsHa0ysjThsjJy5tM3FDsL5+CFDsL45Qs2L3YsuYMUe/lIPIR1ldt1XFB:8IaXy43FDQJFDL0LIDisxNq2cDtHt3q

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/credits.txt

    • Size

      8KB

    • MD5

      983d4bdae61208bec7abc5b3ca90cfa0

    • SHA1

      bb8ee1e7a573f534296f27c1765e86b2485634ac

    • SHA256

      0c1a72c59da09f61ff3d3011fa8a798766ac167452c19bd4db092715b9d83ace

    • SHA512

      8350359855d2d793a26f1b1a80cc4f5cd495875d56f6a2882b014e44d9aa2503447c9f481ab898f978bb68186f0e0894d7475fc5ef4331dd7bc768b5ac69d199

    • SSDEEP

      96:LJCt8psGFw8NUnBNKYznm7z7yXYWware9jjz9U5UcangO83JQqwSpOhlGLOoZ9aR:0tR/Znm7fy7eX7cagHkOcmV4TFWm

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/damagecutout.txt

    • Size

      22KB

    • MD5

      e64857cf92b6565dab38838a2e92ea67

    • SHA1

      c74ea6e46de465f5f4dc62af831fe83d8d49c6c8

    • SHA256

      fd31b2f7d9d0fcacf36a14ab0791f3db99d4c6d3474f03301acbefc4543d379c

    • SHA512

      bd2cc635efa539f6307d83cb6e5960ba214f328e3530ca9e24d63fd9b666f38577d7c2a8eb32668099e9859010ffcf1391a04ee541be66c8be134d9678c9dc9b

    • SSDEEP

      192:Yg5r9O4uGiNKptEDATB0zdEiA4ZVSLBTolbobpn:Yg6G+ATB0z5AgGBThbpn

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/damagecutout_ceda.txt

    • Size

      12KB

    • MD5

      f06651f3af4548e13ca1c6c469cb5ebc

    • SHA1

      cfeec9e81fa2a404f3ec48b36c62d864ae3245ab

    • SHA256

      92a628450dc3328ee33e8c7437112587840cf860c526216930df35f0329729a9

    • SHA512

      5875a20ea0cf9e050fd3db5d209558397310db6c7adfe8457dfd09da9c506c2abbefb7ed902e5d1b347fb37add9e34f770b3416c9f6f12379436662502b722e8

    • SSDEEP

      96:hQxuG58PpXRXGKJGOpXQ+X5oJ1EpXPyX5oulopXe/O2oespXVSI+V44pX8xx424q:C/5peniDATB6dlEkA4ZLQSBdzrpY

    Score
    1/10

    • Target

      MultiHack v1.7/scripts/damagecutout_female.txt

    • Size

      22KB

    • MD5

      7624c8d64a6a5ae9d8bad827a70c637a

    • SHA1

      0b2418bc25521bc56675a056185c14919de780e4

    • SHA256

      3db9c42023c211d8d6609256fd618b725d03b01570f61a8e4d295345d2677db8

    • SHA512

      27ab317f449a40308de3b0e2a55425052d98942e97e3ea1e94ab8ca91eaee41dfa226f02e4166d64a7a67047490ad2a59a8a2da9d64cf0b28a77bef1b99c478e

    • SSDEEP

      192:fN15CX/5snzvfATBxzuE44Z7KrBTF7BHMX:fNvJTATBxz2g0BT3HM

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
7/10

behavioral4

redline @bloodyrain12 execution infostealer spyware
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10