
General

  • Target

    podrebro.zip

  • Size

    59.0MB

  • Sample

    240714-kxb3hatfnk

  • MD5

    099e8c57a00d32582e52142fe56ff139

  • SHA1

    546e734f1d7d486b47635c8aa610e6b3a229ffc2

  • SHA256

    7706a695da0b080283cb224d820e8e3976ea32c8845c71362af539ddcaf30fa3

  • SHA512

    6c967650c00d3c8c90a9787321ffddb330c26173d92990778b4bfc32d6261ac9d0e5b3c635b6731489c39956417c653bf6990c251d6685c3614e521d96efd376

  • SSDEEP

    1572864:puPDz3bj8z15h6U9f8NFx8LdAtkH+xg+recPWNW2/LfGU:Mb/21f6Uh8odAtkeg2WzR

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      podrebro/library/libadaptive_plugin.dll

    • Size

      2.3MB

    • MD5

      ed259cc6c8d3a81c93701349cc7f6bec

    • SHA1

      fa544fb85a9829bfc218de902ec144c48ede8cfe

    • SHA256

      8ed68dca452b9e2ec82d5ceae1d48765b458dacaa720b3de82e34755fdc8563c

    • SHA512

      695872612c0e79291a7a006e6664e933c43cc448960e59bf2e5938f421b14e6ba9d5a37f59b2f81edc33c6da567ea91a1a84137fc06211e94f73dfa2606008cc

    • SSDEEP

      49152:7bBTsKqmWx9YPsc3MpY6YlJB4Kd9tQGZBJ9rq4Y:wioGGc7J5q4Y

    • Score

      1/10

    • Target

      podrebro/library/libaiff_plugin.dll

    • Size

      42KB

    • MD5

      4bd51979a50605d996fd8b18ca81fd94

    • SHA1

      9c037f10ed10e5bc1b95198f0d1175ac8aa506d3

    • SHA256

      5ab7565cb05ab3abc1646860895f5b771dc64563f1d405c179420d46eacf482a

    • SHA512

      63d5508fb84389eaeb3cafd9ed4e8d8b6d4576232b93fe45c17c3ac77d2d82f8a74fc30ac3d44f5a20d101df8f1689116932d48680df697fcca7fab736929721

    • SSDEEP

      768:wfcK0NkqrAqpvw4MDGREJPxLbnDGREJPxJ:pK8rAqtw4UPxlPxJ

    • Score

      1/10

    • Target

      podrebro/library/libasf_plugin.dll

    • Size

      119KB

    • MD5

      adb40ce292245ac624cdb1abec8e253b

    • SHA1

      126f40ac62dfe0ded6999709d62a131b664f7336

    • SHA256

      882c9dea7c3e1ef25848814fee8e9aa591f9afdc1a46270e0d5f702b0ebcad7d

    • SHA512

      b626dcf17aaa5dab6ff49a99695aa934dafebfbb8cf833a7632e0201afbf405e018636e100086f0d431cb5e56562c4e7e57f5dd34b0743eee1efd858465b2bc9

    • SSDEEP

      3072:wQGP57uGy25YF//143c+Ug7ieRJM18xUHxBH:wQGPRKF//e3/OeM1jn

    • Score

      1/10

    • Target

      podrebro/library/libau_plugin.dll

    • Size

      41KB

    • MD5

      0a342c0b710f7697b6d44c5e9f006603

    • SHA1

      4ec777cf71cfbbd1ffcef4efb0ad64f8bc78385a

    • SHA256

      9e52269095c94db229ef8c39c7620cbb182df4905af0165896ecbb2437abba55

    • SHA512

      470f572f2881ef4f13665f7840087669b79ff23784139699c44bf63984b2fd381214d5051c69e14f2cbec22656262db2eaa9a95362c3e1182c062e76a49cda9a

    • SSDEEP

      768:QzQBPIBdA8L2zuqVpwADGREJPxlVRcDGREJPxLEl:kCPIku2zuiwwPxOPxgl

    • Score

      1/10

    • Target

      podrebro/library/libavi_plugin.dll

    • Size

      133KB

    • MD5

      e7477dd9f3f51053b85ea2053af8932a

    • SHA1

      02dbd64626b68baddf2bb1af86cb50a3493d47ac

    • SHA256

      d1e8477d2a63b3b962b19a99d422fcea9d0899cc57659f3be36a4cb0150f03ec

    • SHA512

      ef0ff4527154a6a89ddfca42c2caad5db253fb1895f104e515420413026d63dcc3befc58ce750452e7773be1bba8d725663b19785df635a71db64b762385db1f

    • SSDEEP

      1536:naG63HLAyGmSIp5CYgQtuJzN5g00U09X0tY6Hv/GCf7DmeIVUSaG10XyLPxtPxZ:natFCFCuJzNyl0tYsH3DmeXy1HxBxZ

    • Score

      1/10

    • Target

      podrebro/library/libcaf_plugin.dll

    • Size

      47KB

    • MD5

      521c6efb478581fa7912cf7c0a3c3f4b

    • SHA1

      86b46fea722f2c43207f7811e08ba9c6e8f63bcf

    • SHA256

      c73d13d00d9e55a6a3b5f4cc76ea5bc64c5ae95c47afcac5bc0601a71238bc97

    • SHA512

      749f4352134d2cbc8ec53ec71cb6869e64655ce295a02dbf62f7bd152c813354376f63d9445d6c75a68602ceb8cbd26dec6aee461f0c2304bbc8aad2aeb6d7fd

    • SSDEEP

      768:dTc8Kk+q9OVZEOW4awFDGREJPxwNDGREJPxoo:Zek+OOVWiawzPx6Pxoo

    • Score

      1/10

    • Target

      podrebro/library/libdemux_cdg_plugin.dll

    • Size

      40KB

    • MD5

      6a121affac615700345b63426e7aec62

    • SHA1

      f9971e87ffa31f2e313e94b5ba481bda1470e948

    • SHA256

      fb30f4377747d055e34528dc7e13f19b29f27a6e69e0e5927130df16c83498dc

    • SHA512

      fc482975823ad44f1e96fd6d32831977d606c44e0b1a7b9559d0a4d7f47550f949269b33d764c87feb9871fedde63adff4dabe456b999e6f3e5d906f4cda0f96

    • SSDEEP

      768:8Caw/ow6pxjWpUoDGREJPxtThzMDGREJPxj:jVyjIUIPxtTWPxj

    • Score

      1/10

    • Target

      podrebro/library/libdemux_chromecast_plugin.dll

    • Size

      107KB

    • MD5

      0be3746aa98b14dab1673632a7728a83

    • SHA1

      2877be0ff9f07b2b7020d8ca9af606691452b7d5

    • SHA256

      cb70e203f1ef6f305725df2d81c009387feca4964f2ecdbfb73ffdacca0919b3

    • SHA512

      5aaed87d55c3927b0f3a85849bafb9b87c463aa7b3a4c4ff0e0ed6e3e73b998aeb545a3a6d09ee776c4041a181b3b9488c7f110c338f03304051b64c94472f2c

    • SSDEEP

      1536:8Outzsnn9t4po2sqRxYXWeUm4UYYYut8MYYYrunO6UApB/18PxNPxN:zutw90FcXW04KvnO6UAexhxN

    • Score

      1/10

    • Target

      podrebro/library/libdemux_stl_plugin.dll

    • Size

      43KB

    • MD5

      156ca8397083ec078cbff04ebe98ce57

    • SHA1

      0685e549a53f17e6343fb6d2ccc5e0799e0a019c

    • SHA256

      0009c1653137e8f900567b0caa637ee9cad229c8dd20845d0b891837ef5604f4

    • SHA512

      07a0192cce6b2a8d95936ecf3f1a06bd3f2ab0c9541e731a69ff001983ef2f4bf91bef6dd2892e5c5768f0f2b25b82087e0b4bc2d75ef2e99751837f28b5c60c

    • SSDEEP

      768:r4DB90o7HQ2w5xrLjmd5ho+LgvwpDGREJPx0+WVDGREJPxv:I9J+83LEwPPx0+WjPxv

    • Score

      1/10

    • Target

      podrebro/library/libdemuxdump_plugin.dll

    • Size

      41KB

    • MD5

      422e88e4afb3d9f882d362df54a29a9a

    • SHA1

      2eef026f2a52aca8b95cb7eb75c38f2325a0f596

    • SHA256

      4ea78e7b443b96fe040ed79c5a3a1b5ea713c64b3d66bbe02949d644f8f169ab

    • SHA512

      9cd091c47b0af92e951497c58d923ec811b49c89bb9902b6dd8b79ae882f7c295eba8eca0b29f82d522541158f9c884da776a150adf31b0f58db79a99da17231

    • SSDEEP

      384:QRiiM7qst+OWB371R333YX4tP2SBwDavDGjoe02Nyb8E9VFDPx1wucZvDGjoe021:tiMXA7nqkPnwIDGREJPx6uc1DGREJPxG

    • Score

      1/10

    • Target

      podrebro/library/libdiracsys_plugin.dll

    • Size

      41KB

    • MD5

      31eb014dc0a93b061637076fb6f4ba09

    • SHA1

      2e134a2fab6e76a87adb575118408a004ffb4e8b

    • SHA256

      184768a443d737631dd9bb9b6c60275da5f5d42ced9c9cbbd50570ec154cf6b0

    • SHA512

      8004cb6e11cbf07b1e5db491b0f9277a3221f5ec155599689b1b16f8be1acbda4d1b025166e09980b494b41c68afde36a84ed181a176739ff9d050f59ce35dd7

    • SSDEEP

      384:GH3w1HvOm0VSHvds1eS3SxArvSBwDCvDGjoe02Nyb8E9VFDPxZ/mnvDGjoe02Ny0:Gg1P9lu3aXwIDGREJPxVkDGREJPxqmg

    • Score

      1/10

    • Target

      podrebro/library/libdirectory_demux_plugin.dll

    • Size

      40KB

    • MD5

      30c14b17f1e0e1b0c91d1fe991769bf3

    • SHA1

      d1f4bdf54708e4d7fd08c2e2334043ba7bde73d9

    • SHA256

      bdd2cedc64d9bb0fd85d3de2e4f558dde45301c6ab5ef3230bdfc57420a2fc0c

    • SHA512

      4806c4d9ca63f963cde7c66f3412a36b151fc71f1caa218444f89bc9037029259c14de9c8d7c1e70fcda5570a3e46346e86136e8370588a03e51a2c05abae50f

    • SSDEEP

      768:QRNRa6c4FeLfBegKKwzDGREJPxzCUDGREJPxz:Iev9BwpPxzTPxz

    • Score

      1/10

    • Target

      podrebro/safeline v2.exe

    • Size

      1.4MB

    • MD5

      ea1bb9072eb5de3f8ab97136c4356413

    • SHA1

      13712e211ff8a312713e3898b76302fe99f77608

    • SHA256

      8062c187f15a2d4662ea5c7beb919159e992966d56ba29d1067516edb35d4aa9

    • SHA512

      a14ab330221d2895000c7a8abc516f352dc6197f7a54fbe890d295190794eb0cc08fc9e6fb6a3a783e2a7a6ad3c544ffc1638e2f0eee1c184e8a5ce170fc369f

    • SSDEEP

      24576:5UsajnFmkLlnKZGMZQx/OkmuRgsOK1pf/OGQdZUkWNN:5U0IMZQx/OkmuRgsOK1pf/OGQdZUkWNN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      podrebro/safeline.exe

    • Size

      1.8MB

    • MD5

      26a3eccbc31131bf94c38ecc33f3ef17

    • SHA1

      8a92b0ecddca0009aadbd2312f630f8a6da3c5f8

    • SHA256

      65c70f2c14efc7c0f1b02e0a2d18c27440a5ceb67af43a97c7a215e3033f2476

    • SHA512

      ae67e43d62c98a2655753b16a387de30c8586a9a2dc552e6555b21afdb596b2d739f5542fb0c2adac12e1b45520eb4e81416dc14cb572a627510338212d4d7e1

    • SSDEEP

      49152:WOOOvLkoy1/7eF6jfBqfdG6a8fEEEELEEEEEEEpEEEEEEEm+EEEEEEEEEEEEEEEI:

    • Score

      7/10

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks