General
Target: podrebro.zip
Size: 59.0MB
Sample: 240713-zpdzfswhpm
MD5: 099e8c57a00d32582e52142fe56ff139
SHA1: 546e734f1d7d486b47635c8aa610e6b3a229ffc2
SHA256: 7706a695da0b080283cb224d820e8e3976ea32c8845c71362af539ddcaf30fa3
SHA512: 6c967650c00d3c8c90a9787321ffddb330c26173d92990778b4bfc32d6261ac9d0e5b3c635b6731489c39956417c653bf6990c251d6685c3614e521d96efd376
SSDEEP: 1572864:puPDz3bj8z15h6U9f8NFx8LdAtkH+xg+recPWNW2/LfGU:Mb/21f6Uh8odAtkeg2WzR
Behavioral tasks
behavioral1: podrebro/safeline v2.exe (resource: win10-20240611-en)
behavioral2: podrebro/safeline v2.exe (resource: win10v2004-20240709-en)
behavioral3: podrebro/safeline v2.exe (resource: android-x64-arm64-20240624-en)
behavioral4: podrebro/safeline v2.exe (resource: macos-20240711.1-en)
behavioral5: podrebro/safeline.exe (resource: win10-20240404-en)
behavioral6: podrebro/safeline.exe (resource: win10v2004-20240709-en)
behavioral7: podrebro/safeline.exe (resource: android-x64-arm64-20240624-en)
behavioral8: podrebro/safeline.exe (resource: macos-20240711.1-en)
Malware Config
Extracted family: redline
C2: 185.196.9.26:6302
Targets

Target: podrebro/safeline v2.exe
Size: 1.4MB
MD5: ea1bb9072eb5de3f8ab97136c4356413
SHA1: 13712e211ff8a312713e3898b76302fe99f77608
SHA256: 8062c187f15a2d4662ea5c7beb919159e992966d56ba29d1067516edb35d4aa9
SHA512: a14ab330221d2895000c7a8abc516f352dc6197f7a54fbe890d295190794eb0cc08fc9e6fb6a3a783e2a7a6ad3c544ffc1638e2f0eee1c184e8a5ce170fc369f
SSDEEP: 24576:5UsajnFmkLlnKZGMZQx/OkmuRgsOK1pf/OGQdZUkWNN:5U0IMZQx/OkmuRgsOK1pf/OGQdZUkWNN
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
Target: podrebro/safeline.exe
Size: 1.8MB
MD5: 26a3eccbc31131bf94c38ecc33f3ef17
SHA1: 8a92b0ecddca0009aadbd2312f630f8a6da3c5f8
SHA256: 65c70f2c14efc7c0f1b02e0a2d18c27440a5ceb67af43a97c7a215e3033f2476
SHA512: ae67e43d62c98a2655753b16a387de30c8586a9a2dc552e6555b21afdb596b2d739f5542fb0c2adac12e1b45520eb4e81416dc14cb572a627510338212d4d7e1
SSDEEP: 49152:WOOOvLkoy1/7eF6jfBqfdG6a8fEEEELEEEEEEEpEEEEEEEm+EEEEEEEEEEEEEEEI:
Signatures:
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext