General
Target: ROBLOX EXECUTOR.zip
Size: 13.8MB
Sample: 240723-zbptssxbnk
MD5: 770187f013607fbc7cbf81f65d9fb342
SHA1: 2bda35137289e4aa0107f8c313a545facf7e9c70
SHA256: 97b4583f626bf10fa9702567ef2b0c1fb4720291ef02f131b84a5c473dae439b
SHA512: b78d376692039c51ad2010bc4a567405c7932d15add3dd89807b61caa772f8f7563197307b896073b02928f25772f6dcb7a1152c9653a7f66883ae15cfbac133
SSDEEP: 196608:z/WyOahwRAnmftmDGh2eam8Dc2Gehjs7qqz5pP3b8oEdV6Fc4gmyzmSkFR:z/W0wR94JeameVGek/Y0g1ij
Static task
static1
Behavioral tasks
behavioral1: SoftWare V2.1.0.exe, resource win7-20240705-en
behavioral2: SoftWare V2.1.0.exe, resource win10v2004-20240709-en
behavioral3: SoftWare V2.1.7.exe, resource win7-20240708-en
behavioral4: SoftWare V2.1.7.exe, resource win10v2004-20240709-en
Malware Config
Extracted
Family: lumma
C2: https://celosiapatroen.shop/api
Extracted
Family: redline
C2: 185.196.9.26:6302
Targets
Target: SoftWare V2.1.0.exe
Size: 938KB
MD5: 945cd2758d8c6ad39758a9be9bc9d183
SHA1: c0856c9df43f598af9e5ec7be51e0172fe47d9c3
SHA256: c248a06cda93d7d5dc8cf79bd4b00007110139a67a3f1ecd68cc9ea5db84b69d
SHA512: c564b8a9c01418c8141fe1933bd739fe514de81f9d60590ab31cabfd58a4c7b6c719b97c8d3a69d81ab1059051e75ff7c89f79f06b598b79dafc49915f393e92
SSDEEP: 24576:hwvsLw7d1MaGrLkhilsrf719nfLSWAqixqhCjj:apMaGrLkhP/fLNXPCv
- Suspicious use of SetThreadContext

Target: SoftWare V2.1.7.exe
Size: 620KB
MD5: 553d2164ba72fd00fc1583e6c1537491
SHA1: 0f58db9c4639f61324278b87fb4976f23ee4c5fe
SHA256: 15be6cc47f2dfda06ccac645c1bade87bd59028ec2a572eb905b7f5a81e8c0e4
SHA512: 096972b9333ccb379a82378036f4e1fc1b404d4768b430dce89035e6bce04311ff4e4c7498fd4a12e4409f86d5710546263218bfcf6a23ca217e48b4d0cc81fa
SSDEEP: 12288:r82UNTMlKa8IjOv43y9THoifOZ3V81Sh9ZCHwok5ujLVPKS9vdldPgDiJzzZM1H9:wdTMDvjOv4KH/OZyue
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
Malicious access or copy of the web browser credential store.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
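As an added example that is not part of the tria.ge report and not tria.ge code, the script below turns the indicators above into a hunt: the SHA256 values of the archive and both dropped executables become an exact-match file check, and the extracted Lumma C2 host and RedLine C2 endpoint are matched against connection log lines. The four log lines and the log format (a Zeek-like space-separated "ts uid src sport dst dport proto host" layout) are constructed for the example; only the hashes and the two C2 indicators come from the report. An IP-only hit on 185.196.9.26 is reported at low confidence because the report ties RedLine to port 6302 and a shared hosting IP can carry unrelated traffic.

```python
"""IOC sweep built from the tria.ge report above (added example, not tria.ge code)."""
import hashlib
import re
from urllib.parse import urlparse

# SHA256 values copied from the report's General and Targets sections.
SHA256_IOCS = {
    "97b4583f626bf10fa9702567ef2b0c1fb4720291ef02f131b84a5c473dae439b": "ROBLOX EXECUTOR.zip",
    "c248a06cda93d7d5dc8cf79bd4b00007110139a67a3f1ecd68cc9ea5db84b69d": "SoftWare V2.1.0.exe",
    "15be6cc47f2dfda06ccac645c1bade87bd59028ec2a572eb905b7f5a81e8c0e4": "SoftWare V2.1.7.exe",
}

# C2 indicators copied from the report's Malware Config section.
LUMMA_C2_URL = "https://celosiapatroen.shop/api"
REDLINE_C2 = ("185.196.9.26", 6302)

C2_DOMAINS = {urlparse(LUMMA_C2_URL).hostname}
C2_ENDPOINTS = {REDLINE_C2}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Hash a file in 1 MiB chunks so a large archive is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_hash(sha256_hex):
    """Return the report's file name for a known-bad SHA256, or None (exact match only)."""
    return SHA256_IOCS.get(sha256_hex.lower())


# Constructed log lines (not from the report): ts uid src sport dst dport proto host.
SAMPLE_LOG = """\
1721755001.120 C1 10.0.0.15 51234 185.196.9.26 6302 tcp -
1721755002.448 C2 10.0.0.15 51240 104.18.3.9 443 tcp celosiapatroen.shop
1721755003.009 C3 10.0.0.22 49900 185.196.9.26 443 tcp -
1721755004.771 C4 10.0.0.22 49911 142.250.74.36 443 tcp www.google.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<uid>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<host>\S+)$"
)


def scan_log(text):
    """Return (uid, confidence, reason) for each line that touches a C2 from the report."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if m["host"].lower() in C2_DOMAINS:
            hits.append((m["uid"], "high", f"lumma c2 host {m['host']}"))
        elif (dst, dport) in C2_ENDPOINTS:
            hits.append((m["uid"], "high", f"redline c2 {dst}:{dport}"))
        elif dst in C2_IPS:
            # Same IP on another port: could be shared hosting, so flag but do not block on it alone.
            hits.append((m["uid"], "low", f"redline c2 ip {dst} on unexpected port {dport}"))
    return hits


if __name__ == "__main__":
    for uid, conf, reason in scan_log(SAMPLE_LOG):
        print(f"{uid}\t{conf}\t{reason}")
```

Hash matching here is exact: a rebuilt or re-packed sample will not match any of the three SHA256 values, which is why the report also carries SSDEEP digests for similarity matching; those need the ssdeep library and are left out of this example.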