General

  • Target

    mоdmenu gta5.rar

  • Size

    114.4MB

  • Sample

    240615-wvdn4azejh

  • MD5

    309f4e7bd5b75e50c9e83cd97e8522c1

  • SHA1

    42247fd8c542edbf11be8a6d236182c6394b079c

  • SHA256

    f3c9796ca11327d3e9dea426349da3962a379f1c81feee1e93da016ba37b2db1

  • SHA512

    f711196a79db4905dc8610e5a24cf029860238c9e15f5432c49d5260b61a386e8ea250b6f7e0e28191e5ca99a1b73a35dc6877caac8706d3293723424870bef7

  • SSDEEP

    3145728:Io4IcgDM/1e7UpNZ3ZLunvD/tu5WfVchB:IcDMN8UfZ3ZLuIWdchB

Malware Config

Extracted

  • Family

    redline

  • C2

    91.199.154.172:15486

Targets

    • Target

      mоdmenu gta5/V2/modest-menu.exe

    • Size

      16.9MB

    • MD5

      ce03d8db32b901caba01fa8b1beefe54

    • SHA1

      76377cea7317bd28af0ccaab276bd49360936a9d

    • SHA256

      a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4

    • SHA512

      40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca

    • SSDEEP

      393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      mоdmenu gta5/modest-menu.exe

    • Size

      391KB

    • MD5

      6fa8b408eabd31b852279fa5a872a441

    • SHA1

      3a841e5628f6a35c285b5d4c5dfc238de76056db

    • SHA256

      229b5412d38ab6be95fc30db6116b6b5b4f5f38ca0c83d13e8b5e5f485be0efc

    • SHA512

      acddba6eb875db0595fbcf09ddae61c70448b55813acf076cad1ad1293460dcd61a3ce3617bd893b8abaf2be3ffdb8e241287e19fc940071e57a1ecc3d721067

    • SSDEEP

      12288:ZFBZ98gjwtD9jTzfMMLMlg4Db97XIn6Bl:ZNwtFT7MMolg

    • Score

      10/10

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      mоdmenu gta5/scriрts/0cnkwaa9q5.txt

    • Size

      30KB

    • MD5

      5cc801952b89127336e4160c6124d66b

    • SHA1

      05c8375e66fe53a7098b71c51cf07bba7ee6aa2b

    • SHA256

      edba04c213ecc59559d206633a83832b3f179dfad08011453ec90d210f1a6cbc

    • SHA512

      722ba703f23c736ad6c096f0239bae299b51bdd5936d846d876b5b4282f3c1e12986bfda29ba8d98797b1e02ac13acb7c75c13f841194b1565b319cdd8873b75

    • SSDEEP

      768:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2t7Xt3tYXtBtutJtoXt0tJt8tuXtUtXQo2:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2X

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0dn0mq0w0b.txt

    • Size

      27KB

    • MD5

      eab5eddc74924bf863981606ae103dcf

    • SHA1

      0076f19c351ebd65165643fc5cb9ce1c7685bb3b

    • SHA256

      6d5b99ead2f7466ceb7b6b16863580df6d121bbb255aa4234d195f87e0db7968

    • SHA512

      985a0d421c0763f89a69812c0e1b483eb264dc24e255c9808adc98889abd0744dc774b9226d75618248dc38efe016f5a4d49e2df506922774bb9f03c2ab8a0d9

    • SSDEEP

      768:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2t7Xt3tYXtBtutJtoXt0tJtgtL4BxF/Lzd:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2h

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0dtyyww8nd.txt

    • Size

      21KB

    • MD5

      9b9be1877909a23fbc20f0b3d6456a7a

    • SHA1

      7074da3af34db78e0e75e2085abb16781f7af192

    • SHA256

      561e220cbdd901da03568eb0ddfea74dd930600743ec07fea21ad37df140839f

    • SHA512

      0cc638885f2a72c001ed7e63f0e9e29a2882a21397638b306920a01ea6f20dba3b01459b389a524a2060f419c03805206e1b9bee20a8f0361353f3a4aa2b1aee

    • SSDEEP

      384:K1Upg1yAymz2Dimz2DfrOd+dqgXxSXzzHfiEnE5Y7mjYXru:Q2g1yAymSDimSDfRX+PHj7UYXru

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0ebo92q6y6.txt

    • Size

      35KB

    • MD5

      e2f93890ff80b068e672cbfef74816ab

    • SHA1

      ce32cdfefc049a24b29281006ed71406a9ca121c

    • SHA256

      10716312f836032e9b96f73b35674267e44fe0585a3dd9831bfbebaa423a7dc1

    • SHA512

      8e8f999800d4e041db6986db319333aced4c7471ad0c3f5e21ced3636d687eaf26d3b09a4e84f20ccbf331165c22169b46f08ef30218f0eece6d06c92970bd94

    • SSDEEP

      768:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJtoXt0tJt8tuXtUtXobXtUtXQzXtUtXnaC:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJe

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0fbgb0t96l.txt

    • Size

      30KB

    • MD5

      ac5e9aa1a68f6d63378278caaf8bd8d7

    • SHA1

      f129e312fd8ffe21edbb52c8c3dc17a0e1c40fa5

    • SHA256

      e5aaec47813c52aba69429a939490d4c456db3dd28c00b79c26d78fd935e0339

    • SHA512

      b9ad33d64ec03bbca46d6451bb713c2a3d77515c16a96077fa85c4fa8f453c129ae53940aacaf6f52d2092ea89bda7f87754823d42f298ccb845a2aeff9df7f7

    • SSDEEP

      768:Dz+XtNtRXtHt1Xt0tJt8tuXtUtXQiXtUtXoeXtUtXnrXtZtV4gOsTy4/Dz3EfM+R:Dz+XtNtRXtHt1Xt0tJt8tuXtUtXQiXtQ

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0gha3a1obr.txt

    • Size

      30KB

    • MD5

      ff6bc7160d5202d71e6029436173b77e

    • SHA1

      0790684a028fb1204888dea646bc704d5f947d03

    • SHA256

      2bdc8b45b6ebd321a575777676d5f1f3fd7d3193c4e1a4e431fc80701bc08195

    • SHA512

      811532ab186606bf20dd2f44a05255ea804b530f2b093ea21490d7cbfb5072340bdd1b680f146d23de7f30e7c0ed795655346b617bdaecc135c8d7dd1c435c2e

    • SSDEEP

      768:f+XtNtcXt0tJt8tuXtUtXQiXtUtXoeXtUtXTNXtHtcXtZtV4lyTstizqAd59fMh:f+XtNtcXt0tJt8tuXtUtXQiXtUtXoeXg

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/0h5rxtglhd.txt

    • Size

      34KB

    • MD5

      ae0bdc90c785d456379648bae3d1141d

    • SHA1

      35c1919a9f23ff7e0e281e0864baa514cf8a5aaa

    • SHA256

      72363e219aa83a99dfc5e269ee3e9c69608201bb2e199e8ae78caf2c1da293ee

    • SHA512

      09ede808eb4d7cdecb117e98bf086cb840dee628c16a9d654112c96534e02e529ede345abd890695fafa7ece9c51ecd8013f5a3046252f6866782c4d7b76d14e

    • SSDEEP

      768:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJtoXt0tJt8tuXtUtXobXtUtXQzXtUtXnaT:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJP

    • Score

      3/10

    • Target

      mоdmenu gta5/scriрts/MailKit.dll

    • Size

      837KB

    • MD5

      c5cd71489d9c78d85d89a895bf463cc4

    • SHA1

      ab017768139d5731756260a8f9674e089347d9b9

    • SHA256

      75211b1b7c7af76c7cb09c8ee32f0cad82db86daad15633690ee3c6881a717cb

    • SHA512

      8ca003cc5a7b9253320cd66b4dc57bd8ce8b81e7a72e8d30af528b13128cfaa32739f7253f9dbc7844b00ce8a49d00370b9822db7530f0ed916b2b8f32952665

    • SSDEEP

      12288:Mz6bczVeI3nauKmSG1iFvbeu4N8OdJVRwwlBhu9hayNuw9K:MBzVrVjiFvbeug8eVRHhu6yNuw9K

    • Score

      1/10

    • Target

      mоdmenu gta5/scriрts/freebl3.dll

    • Size

      893KB

    • MD5

      079f48ed995b415d79f99d7f5facacc2

    • SHA1

      06eff6d1482c5a35a85a82dd37660b237e5e76b6

    • SHA256

      f5465f6b92a425a2a8e42726976a435cc5f7ce93a2dccc670dce597db26962df

    • SHA512

      9a1366aa0c744492bd40a8b9b225946017f3db76a7f6e75dca8006dc220f78b3db7338feffa2b8f3d55a5de42b4811250297d6158270925b4baf5b10f172aad5

    • SSDEEP

      12288:3a/guyHlrThAW96zeM5mCcN9XrztMRXrUKZ/qqnhhe/lC:3QJyBTn92eM5mCcN9X/tMdYKc+hhQC

    • Score

      1/10
