Resubmissions: 4
20/08/2024, 16:34 (240820-t3gplssdje)

General (score 10/10)
Target: Setup.rar
Size: 108.1MB
Sample: 240820-t3gplssdje
MD5: 5cd3efa6966bcc24b7ec2ef53f4c1098
SHA1: e49ae80a90fa17e57bde3ac729d392cd063f7b1f
SHA256: bdfa49d0874a2b6b80a92bf323254243dd7ce0539e17f61c5ea15b68f9583f07
SHA512: 3911e2c0745e066ff598e1d971423a2921834af93770565ec50829f6be501b24c079ce02e50ba31baef3d2a1edc8f866a17ac9d58d4853a7656770b079c1d6a3
SSDEEP: 3145728:ek8BaaDlcfP2UlO2YZnlx44RHZ1UNb2Jjbs4t+uNT:B8DcP/PYxlxRIsfv

Static task: static1

Behavioral tasks (sample, resource):
behavioral1   Setup/Installer/Installer.exe  (win10v2004-20240802-en)
behavioral2   Setup/Installer/data/Config/cef.js  (win10v2004-20240802-en)
behavioral3   Setup/Installer/data/Config/cef_100_percent.js  (win10v2004-20240802-en)
behavioral4   Setup/Installer/data/Config/libcef.dll  (win10v2004-20240802-en)
behavioral5   Setup/Installer/data/Data/cef.js  (win10v2004-20240802-en)
behavioral6   Setup/Installer/data/Data/cef_100_percent.js  (win10v2004-20240802-en)
behavioral7   Setup/Installer/data/Data/libcef.dll  (win10v2004-20240802-en)
behavioral8   Setup/Installer/data/INFO/cef.js  (win10v2004-20240802-en)
behavioral9   Setup/Installer/data/INFO/cef_100_percent.js  (win10v2004-20240802-en)
behavioral10  Setup/Installer/data/INFO/libcef.dll  (win10v2004-20240802-en)
behavioral11  Setup/Installer/data/cash/cef.js  (win10v2004-20240802-en)
behavioral12  Setup/Installer/data/cash/cef_100_percent.js  (win10v2004-20240802-en)
behavioral13  Setup/Installer/data/cash/libcef.dll  (win10v2004-20240802-en)
behavioral14  Setup/Installer/dllhelper64.dll  (win10v2004-20240802-en)
behavioral15  Setup/Installer/resources/AdobePIM.dll  (win10v2004-20240802-en)

Malware Config
Extracted: redline (185.196.9.26:6302)

Targets

Target: Setup/Installer/Installer.exe
Size: 609KB
MD5: 191b791f57d7bf001091399b7367308e
SHA1: 6f223040ba98b7b95eba206598bce2baa7953104
SHA256: 9f9924b7ef38ca807cf74315108555d45194cab3258bfefec7d4c95f867e4aac
SHA512: 3036ef4647cf1eb410ef258250588c6558aac4134b8c5a60605753328be7f6a35028e73bd2c4de20157d3204c299633205c9ede7d2d846e917f6b7691ed5dfe5
SSDEEP: 12288:HpJ4GzNtrIm5hKw6HP0+oic1NsSV0sfg2pJWehJ81EClyztRqw0VbnBY8wpQbcyS:HpJxv9hKw6HPYz1CST
Signatures:
  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine payload
  Credentials from Password Stores: Credentials from Web Browsers
    Malicious Access or copy of Web Browser Credential store.
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Suspicious use of SetThreadContext

Target: Setup/Installer/data/Config/cef.pak
Size: 3.9MB
MD5: 4290bf19c70db819b4ca7a80ebabca3c
SHA1: 2aaefa1183234d661f9e82ba40bd3c58e106d42b
SHA256: fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a
SHA512: c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944
SSDEEP: 49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu
Score: 3/10

Target: Setup/Installer/data/Config/cef_100_percent.pak
Size: 637KB
MD5: 20c53b63527023e3bc2300fe83e62941
SHA1: 0dccc5c4fa3e79cb258406050eeda2c224b6ce31
SHA256: 65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7
SHA512: ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22
SSDEEP: 6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+
Score: 3/10

Target: Setup/Installer/data/Config/libcef.dll
Size: 67.2MB
MD5: b5936413e69ce35fb354fe0f8d2cdf30
SHA1: 2922a763711c0547e314aa9fe188743b7dba15cc
SHA256: d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991
SHA512: 602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e
SSDEEP: 1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb
Score: 3/10

Target: Setup/Installer/data/Data/cef.pak
Size: 3.9MB
MD5: 4290bf19c70db819b4ca7a80ebabca3c
SHA1: 2aaefa1183234d661f9e82ba40bd3c58e106d42b
SHA256: fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a
SHA512: c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944
SSDEEP: 49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu
Score: 3/10

Target: Setup/Installer/data/Data/cef_100_percent.pak
Size: 637KB
MD5: 20c53b63527023e3bc2300fe83e62941
SHA1: 0dccc5c4fa3e79cb258406050eeda2c224b6ce31
SHA256: 65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7
SHA512: ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22
SSDEEP: 6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+
Score: 3/10

Target: Setup/Installer/data/Data/libcef.dll
Size: 67.2MB
MD5: b5936413e69ce35fb354fe0f8d2cdf30
SHA1: 2922a763711c0547e314aa9fe188743b7dba15cc
SHA256: d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991
SHA512: 602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e
SSDEEP: 1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb
Score: 3/10

Target: Setup/Installer/data/INFO/cef.pak
Size: 3.9MB
MD5: 4290bf19c70db819b4ca7a80ebabca3c
SHA1: 2aaefa1183234d661f9e82ba40bd3c58e106d42b
SHA256: fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a
SHA512: c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944
SSDEEP: 49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu
Score: 3/10

Target: Setup/Installer/data/INFO/cef_100_percent.pak
Size: 637KB
MD5: 20c53b63527023e3bc2300fe83e62941
SHA1: 0dccc5c4fa3e79cb258406050eeda2c224b6ce31
SHA256: 65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7
SHA512: ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22
SSDEEP: 6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+
Score: 3/10

Target: Setup/Installer/data/INFO/libcef.dll
Size: 67.2MB
MD5: b5936413e69ce35fb354fe0f8d2cdf30
SHA1: 2922a763711c0547e314aa9fe188743b7dba15cc
SHA256: d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991
SHA512: 602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e
SSDEEP: 1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb
Score: 3/10

Target: Setup/Installer/data/cash/cef.pak
Size: 3.9MB
MD5: 4290bf19c70db819b4ca7a80ebabca3c
SHA1: 2aaefa1183234d661f9e82ba40bd3c58e106d42b
SHA256: fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a
SHA512: c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944
SSDEEP: 49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu
Signatures:
  Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  Modifies system executable filetype association

Target: Setup/Installer/data/cash/libcef.dll
Size: 67.2MB
MD5: b5936413e69ce35fb354fe0f8d2cdf30
SHA1: 2922a763711c0547e314aa9fe188743b7dba15cc
SHA256: d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991
SHA512: 602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e
SSDEEP: 1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb
Score: 3/10

Target: Setup/Installer/dllhelper64.dll
Size: 228KB
MD5: e4c67cc149ca5fa61382f8654409feee
SHA1: 408931b18d31562fe9f3419d7663a1cafcc7f65f
SHA256: f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6
SHA512: 49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b
SSDEEP: 1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy
Score: 1/10

Target: Setup/Installer/resources/AdobePIM.dll
Size: 2.1MB
MD5: beb8e03bb664c6715efb2523d48a10a8
SHA1: a366eef76eb31fca69c0e4ad9f4ca1c8747dbf87
SHA256: e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf
SHA512: 36b291fc2b808cec4668fb091f80afcdcadc7dec464b3da4364ac6213657378626fd12cd9e578206c9d3293aeb07e9b9807c9ef5576da1f1a1b2dfb4990b695d
SSDEEP: 49152:g15hDTdnSb8oibZAPxoVxBFxo8GMcsNWsniXNTOfZ1D8LnU24M:g15hndnSOOyxBjo8GMcsNWtS1inUK
Score: 4/10

MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
Privilege Escalation
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)