General
-
Target
podrebro.zip
-
Size
59.0MB
-
Sample
240714-kxb3hatfnk
-
MD5
099e8c57a00d32582e52142fe56ff139
-
SHA1
546e734f1d7d486b47635c8aa610e6b3a229ffc2
-
SHA256
7706a695da0b080283cb224d820e8e3976ea32c8845c71362af539ddcaf30fa3
-
SHA512
6c967650c00d3c8c90a9787321ffddb330c26173d92990778b4bfc32d6261ac9d0e5b3c635b6731489c39956417c653bf6990c251d6685c3614e521d96efd376
-
SSDEEP
1572864:puPDz3bj8z15h6U9f8NFx8LdAtkH+xg+recPWNW2/LfGU:Mb/21f6Uh8odAtkeg2WzR
Behavioral task
behavioral1
Sample
podrebro/library/libadaptive_plugin.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
podrebro/library/libadaptive_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
podrebro/library/libaiff_plugin.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
podrebro/library/libaiff_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
podrebro/library/libasf_plugin.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
podrebro/library/libasf_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
podrebro/library/libau_plugin.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
podrebro/library/libau_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
podrebro/library/libavi_plugin.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
podrebro/library/libavi_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
podrebro/library/libcaf_plugin.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
podrebro/library/libcaf_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
podrebro/library/libdemux_cdg_plugin.dll
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
podrebro/library/libdemux_cdg_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
podrebro/library/libdemux_chromecast_plugin.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
podrebro/library/libdemux_chromecast_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
podrebro/library/libdemux_stl_plugin.dll
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
podrebro/library/libdemux_stl_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
podrebro/library/libdemuxdump_plugin.dll
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
podrebro/library/libdemuxdump_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
podrebro/library/libdiracsys_plugin.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
podrebro/library/libdiracsys_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
podrebro/library/libdirectory_demux_plugin.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
podrebro/library/libdirectory_demux_plugin.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
podrebro/safeline v2.exe
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
podrebro/safeline v2.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
podrebro/safeline.exe
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
podrebro/safeline.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
podrebro/library/libadaptive_plugin.dll
-
Size
2.3MB
-
MD5
ed259cc6c8d3a81c93701349cc7f6bec
-
SHA1
fa544fb85a9829bfc218de902ec144c48ede8cfe
-
SHA256
8ed68dca452b9e2ec82d5ceae1d48765b458dacaa720b3de82e34755fdc8563c
-
SHA512
695872612c0e79291a7a006e6664e933c43cc448960e59bf2e5938f421b14e6ba9d5a37f59b2f81edc33c6da567ea91a1a84137fc06211e94f73dfa2606008cc
-
SSDEEP
49152:7bBTsKqmWx9YPsc3MpY6YlJB4Kd9tQGZBJ9rq4Y:wioGGc7J5q4Y
Score
1/10
-
-
-
Target
podrebro/library/libaiff_plugin.dll
-
Size
42KB
-
MD5
4bd51979a50605d996fd8b18ca81fd94
-
SHA1
9c037f10ed10e5bc1b95198f0d1175ac8aa506d3
-
SHA256
5ab7565cb05ab3abc1646860895f5b771dc64563f1d405c179420d46eacf482a
-
SHA512
63d5508fb84389eaeb3cafd9ed4e8d8b6d4576232b93fe45c17c3ac77d2d82f8a74fc30ac3d44f5a20d101df8f1689116932d48680df697fcca7fab736929721
-
SSDEEP
768:wfcK0NkqrAqpvw4MDGREJPxLbnDGREJPxJ:pK8rAqtw4UPxlPxJ
Score
1/10
-
-
-
Target
podrebro/library/libasf_plugin.dll
-
Size
119KB
-
MD5
adb40ce292245ac624cdb1abec8e253b
-
SHA1
126f40ac62dfe0ded6999709d62a131b664f7336
-
SHA256
882c9dea7c3e1ef25848814fee8e9aa591f9afdc1a46270e0d5f702b0ebcad7d
-
SHA512
b626dcf17aaa5dab6ff49a99695aa934dafebfbb8cf833a7632e0201afbf405e018636e100086f0d431cb5e56562c4e7e57f5dd34b0743eee1efd858465b2bc9
-
SSDEEP
3072:wQGP57uGy25YF//143c+Ug7ieRJM18xUHxBH:wQGPRKF//e3/OeM1jn
Score
1/10
-
-
-
Target
podrebro/library/libau_plugin.dll
-
Size
41KB
-
MD5
0a342c0b710f7697b6d44c5e9f006603
-
SHA1
4ec777cf71cfbbd1ffcef4efb0ad64f8bc78385a
-
SHA256
9e52269095c94db229ef8c39c7620cbb182df4905af0165896ecbb2437abba55
-
SHA512
470f572f2881ef4f13665f7840087669b79ff23784139699c44bf63984b2fd381214d5051c69e14f2cbec22656262db2eaa9a95362c3e1182c062e76a49cda9a
-
SSDEEP
768:QzQBPIBdA8L2zuqVpwADGREJPxlVRcDGREJPxLEl:kCPIku2zuiwwPxOPxgl
Score
1/10
-
-
-
Target
podrebro/library/libavi_plugin.dll
-
Size
133KB
-
MD5
e7477dd9f3f51053b85ea2053af8932a
-
SHA1
02dbd64626b68baddf2bb1af86cb50a3493d47ac
-
SHA256
d1e8477d2a63b3b962b19a99d422fcea9d0899cc57659f3be36a4cb0150f03ec
-
SHA512
ef0ff4527154a6a89ddfca42c2caad5db253fb1895f104e515420413026d63dcc3befc58ce750452e7773be1bba8d725663b19785df635a71db64b762385db1f
-
SSDEEP
1536:naG63HLAyGmSIp5CYgQtuJzN5g00U09X0tY6Hv/GCf7DmeIVUSaG10XyLPxtPxZ:natFCFCuJzNyl0tYsH3DmeXy1HxBxZ
Score
1/10
-
-
-
Target
podrebro/library/libcaf_plugin.dll
-
Size
47KB
-
MD5
521c6efb478581fa7912cf7c0a3c3f4b
-
SHA1
86b46fea722f2c43207f7811e08ba9c6e8f63bcf
-
SHA256
c73d13d00d9e55a6a3b5f4cc76ea5bc64c5ae95c47afcac5bc0601a71238bc97
-
SHA512
749f4352134d2cbc8ec53ec71cb6869e64655ce295a02dbf62f7bd152c813354376f63d9445d6c75a68602ceb8cbd26dec6aee461f0c2304bbc8aad2aeb6d7fd
-
SSDEEP
768:dTc8Kk+q9OVZEOW4awFDGREJPxwNDGREJPxoo:Zek+OOVWiawzPx6Pxoo
Score
1/10
-
-
-
Target
podrebro/library/libdemux_cdg_plugin.dll
-
Size
40KB
-
MD5
6a121affac615700345b63426e7aec62
-
SHA1
f9971e87ffa31f2e313e94b5ba481bda1470e948
-
SHA256
fb30f4377747d055e34528dc7e13f19b29f27a6e69e0e5927130df16c83498dc
-
SHA512
fc482975823ad44f1e96fd6d32831977d606c44e0b1a7b9559d0a4d7f47550f949269b33d764c87feb9871fedde63adff4dabe456b999e6f3e5d906f4cda0f96
-
SSDEEP
768:8Caw/ow6pxjWpUoDGREJPxtThzMDGREJPxj:jVyjIUIPxtTWPxj
Score
1/10
-
-
-
Target
podrebro/library/libdemux_chromecast_plugin.dll
-
Size
107KB
-
MD5
0be3746aa98b14dab1673632a7728a83
-
SHA1
2877be0ff9f07b2b7020d8ca9af606691452b7d5
-
SHA256
cb70e203f1ef6f305725df2d81c009387feca4964f2ecdbfb73ffdacca0919b3
-
SHA512
5aaed87d55c3927b0f3a85849bafb9b87c463aa7b3a4c4ff0e0ed6e3e73b998aeb545a3a6d09ee776c4041a181b3b9488c7f110c338f03304051b64c94472f2c
-
SSDEEP
1536:8Outzsnn9t4po2sqRxYXWeUm4UYYYut8MYYYrunO6UApB/18PxNPxN:zutw90FcXW04KvnO6UAexhxN
Score
1/10
-
-
-
Target
podrebro/library/libdemux_stl_plugin.dll
-
Size
43KB
-
MD5
156ca8397083ec078cbff04ebe98ce57
-
SHA1
0685e549a53f17e6343fb6d2ccc5e0799e0a019c
-
SHA256
0009c1653137e8f900567b0caa637ee9cad229c8dd20845d0b891837ef5604f4
-
SHA512
07a0192cce6b2a8d95936ecf3f1a06bd3f2ab0c9541e731a69ff001983ef2f4bf91bef6dd2892e5c5768f0f2b25b82087e0b4bc2d75ef2e99751837f28b5c60c
-
SSDEEP
768:r4DB90o7HQ2w5xrLjmd5ho+LgvwpDGREJPx0+WVDGREJPxv:I9J+83LEwPPx0+WjPxv
Score
1/10
-
-
-
Target
podrebro/library/libdemuxdump_plugin.dll
-
Size
41KB
-
MD5
422e88e4afb3d9f882d362df54a29a9a
-
SHA1
2eef026f2a52aca8b95cb7eb75c38f2325a0f596
-
SHA256
4ea78e7b443b96fe040ed79c5a3a1b5ea713c64b3d66bbe02949d644f8f169ab
-
SHA512
9cd091c47b0af92e951497c58d923ec811b49c89bb9902b6dd8b79ae882f7c295eba8eca0b29f82d522541158f9c884da776a150adf31b0f58db79a99da17231
-
SSDEEP
384:QRiiM7qst+OWB371R333YX4tP2SBwDavDGjoe02Nyb8E9VFDPx1wucZvDGjoe021:tiMXA7nqkPnwIDGREJPx6uc1DGREJPxG
Score
1/10
-
-
-
Target
podrebro/library/libdiracsys_plugin.dll
-
Size
41KB
-
MD5
31eb014dc0a93b061637076fb6f4ba09
-
SHA1
2e134a2fab6e76a87adb575118408a004ffb4e8b
-
SHA256
184768a443d737631dd9bb9b6c60275da5f5d42ced9c9cbbd50570ec154cf6b0
-
SHA512
8004cb6e11cbf07b1e5db491b0f9277a3221f5ec155599689b1b16f8be1acbda4d1b025166e09980b494b41c68afde36a84ed181a176739ff9d050f59ce35dd7
-
SSDEEP
384:GH3w1HvOm0VSHvds1eS3SxArvSBwDCvDGjoe02Nyb8E9VFDPxZ/mnvDGjoe02Ny0:Gg1P9lu3aXwIDGREJPxVkDGREJPxqmg
Score
1/10
-
-
-
Target
podrebro/library/libdirectory_demux_plugin.dll
-
Size
40KB
-
MD5
30c14b17f1e0e1b0c91d1fe991769bf3
-
SHA1
d1f4bdf54708e4d7fd08c2e2334043ba7bde73d9
-
SHA256
bdd2cedc64d9bb0fd85d3de2e4f558dde45301c6ab5ef3230bdfc57420a2fc0c
-
SHA512
4806c4d9ca63f963cde7c66f3412a36b151fc71f1caa218444f89bc9037029259c14de9c8d7c1e70fcda5570a3e46346e86136e8370588a03e51a2c05abae50f
-
SSDEEP
768:QRNRa6c4FeLfBegKKwzDGREJPxzCUDGREJPxz:Iev9BwpPxzTPxz
Score
1/10
-
-
-
Target
podrebro/safeline v2.exe
-
Size
1.4MB
-
MD5
ea1bb9072eb5de3f8ab97136c4356413
-
SHA1
13712e211ff8a312713e3898b76302fe99f77608
-
SHA256
8062c187f15a2d4662ea5c7beb919159e992966d56ba29d1067516edb35d4aa9
-
SHA512
a14ab330221d2895000c7a8abc516f352dc6197f7a54fbe890d295190794eb0cc08fc9e6fb6a3a783e2a7a6ad3c544ffc1638e2f0eee1c184e8a5ce170fc369f
-
SSDEEP
24576:5UsajnFmkLlnKZGMZQx/OkmuRgsOK1pf/OGQdZUkWNN:5U0IMZQx/OkmuRgsOK1pf/OGQdZUkWNN
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
podrebro/safeline.exe
-
Size
1.8MB
-
MD5
26a3eccbc31131bf94c38ecc33f3ef17
-
SHA1
8a92b0ecddca0009aadbd2312f630f8a6da3c5f8
-
SHA256
65c70f2c14efc7c0f1b02e0a2d18c27440a5ceb67af43a97c7a215e3033f2476
-
SHA512
ae67e43d62c98a2655753b16a387de30c8586a9a2dc552e6555b21afdb596b2d739f5542fb0c2adac12e1b45520eb4e81416dc14cb572a627510338212d4d7e1
-
SSDEEP
49152:WOOOvLkoy1/7eF6jfBqfdG6a8fEEEELEEEEEEEpEEEEEEEm+EEEEEEEEEEEEEEEI:
Score
7/10
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-