Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Setup/Inst...er.exe

windows10-2004-x64

10

Setup/Inst...cef.js

windows10-2004-x64

3

Setup/Inst...ent.js

windows10-2004-x64

3

Setup/Inst...ef.dll

windows10-2004-x64

3

Setup/Inst...cef.js

windows10-2004-x64

3

Setup/Inst...ent.js

windows10-2004-x64

3

Setup/Inst...ef.dll

windows10-2004-x64

3

Setup/Inst...cef.js

windows10-2004-x64

3

Setup/Inst...ent.js

windows10-2004-x64

3

Setup/Inst...ef.dll

windows10-2004-x64

3

Setup/Inst...cef.js

windows10-2004-x64

3

Setup/Inst...ent.js

windows10-2004-x64

7

Setup/Inst...ef.dll

windows10-2004-x64

3

Setup/Inst...64.dll

windows10-2004-x64

1

Setup/Inst...IM.dll

windows10-2004-x64

4

Resubmissions

20/08/2024, 16:34

240820-t3gplssdje 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.rar

  • Size

    108.1MB

  • Sample

    240820-t3gplssdje

  • MD5

    5cd3efa6966bcc24b7ec2ef53f4c1098

  • SHA1

    e49ae80a90fa17e57bde3ac729d392cd063f7b1f

  • SHA256

    bdfa49d0874a2b6b80a92bf323254243dd7ce0539e17f61c5ea15b68f9583f07

  • SHA512

    3911e2c0745e066ff598e1d971423a2921834af93770565ec50829f6be501b24c079ce02e50ba31baef3d2a1edc8f866a17ac9d58d4853a7656770b079c1d6a3

  • SSDEEP

    3145728:ek8BaaDlcfP2UlO2YZnlx44RHZ1UNb2Jjbs4t+uNT:B8DcP/PYxlxRIsfv

Score
10/10
redlinecredential_accessdiscoveryexecutioninfostealerpersistenceprivilege_escalationspywarestealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      Setup/Installer/Installer.exe

    • Size

      609KB

    • MD5

      191b791f57d7bf001091399b7367308e

    • SHA1

      6f223040ba98b7b95eba206598bce2baa7953104

    • SHA256

      9f9924b7ef38ca807cf74315108555d45194cab3258bfefec7d4c95f867e4aac

    • SHA512

      3036ef4647cf1eb410ef258250588c6558aac4134b8c5a60605753328be7f6a35028e73bd2c4de20157d3204c299633205c9ede7d2d846e917f6b7691ed5dfe5

    • SSDEEP

      12288:HpJ4GzNtrIm5hKw6HP0+oic1NsSV0sfg2pJWehJ81EClyztRqw0VbnBY8wpQbcyS:HpJxv9hKw6HPYz1CST

    Score
    10/10
    redlinecredential_accessdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      Setup/Installer/data/Config/cef.pak

    • Size

      3.9MB

    • MD5

      4290bf19c70db819b4ca7a80ebabca3c

    • SHA1

      2aaefa1183234d661f9e82ba40bd3c58e106d42b

    • SHA256

      fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a

    • SHA512

      c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944

    • SSDEEP

      49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu

    Score
    3/10
    execution
    behavioral2

    • Target

      Setup/Installer/data/Config/cef_100_percent.pak

    • Size

      637KB

    • MD5

      20c53b63527023e3bc2300fe83e62941

    • SHA1

      0dccc5c4fa3e79cb258406050eeda2c224b6ce31

    • SHA256

      65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7

    • SHA512

      ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22

    • SSDEEP

      6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+

    Score
    3/10
    execution
    behavioral3

    • Target

      Setup/Installer/data/Config/libcef.dll

    • Size

      67.2MB

    • MD5

      b5936413e69ce35fb354fe0f8d2cdf30

    • SHA1

      2922a763711c0547e314aa9fe188743b7dba15cc

    • SHA256

      d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991

    • SHA512

      602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e

    • SSDEEP

      1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb

    Score
    3/10
    discovery
    behavioral4

    • Target

      Setup/Installer/data/Data/cef.pak

    • Size

      3.9MB

    • MD5

      4290bf19c70db819b4ca7a80ebabca3c

    • SHA1

      2aaefa1183234d661f9e82ba40bd3c58e106d42b

    • SHA256

      fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a

    • SHA512

      c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944

    • SSDEEP

      49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu

    Score
    3/10
    execution
    behavioral5

    • Target

      Setup/Installer/data/Data/cef_100_percent.pak

    • Size

      637KB

    • MD5

      20c53b63527023e3bc2300fe83e62941

    • SHA1

      0dccc5c4fa3e79cb258406050eeda2c224b6ce31

    • SHA256

      65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7

    • SHA512

      ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22

    • SSDEEP

      6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+

    Score
    3/10
    execution
    behavioral6

    • Target

      Setup/Installer/data/Data/libcef.dll

    • Size

      67.2MB

    • MD5

      b5936413e69ce35fb354fe0f8d2cdf30

    • SHA1

      2922a763711c0547e314aa9fe188743b7dba15cc

    • SHA256

      d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991

    • SHA512

      602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e

    • SSDEEP

      1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb

    Score
    3/10
    discovery
    behavioral7

    • Target

      Setup/Installer/data/INFO/cef.pak

    • Size

      3.9MB

    • MD5

      4290bf19c70db819b4ca7a80ebabca3c

    • SHA1

      2aaefa1183234d661f9e82ba40bd3c58e106d42b

    • SHA256

      fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a

    • SHA512

      c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944

    • SSDEEP

      49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu

    Score
    3/10
    execution
    behavioral8

    • Target

      Setup/Installer/data/INFO/cef_100_percent.pak

    • Size

      637KB

    • MD5

      20c53b63527023e3bc2300fe83e62941

    • SHA1

      0dccc5c4fa3e79cb258406050eeda2c224b6ce31

    • SHA256

      65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7

    • SHA512

      ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22

    • SSDEEP

      6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+

    Score
    3/10
    execution
    behavioral9

    • Target

      Setup/Installer/data/INFO/libcef.dll

    • Size

      67.2MB

    • MD5

      b5936413e69ce35fb354fe0f8d2cdf30

    • SHA1

      2922a763711c0547e314aa9fe188743b7dba15cc

    • SHA256

      d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991

    • SHA512

      602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e

    • SSDEEP

      1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb

    Score
    3/10
    discovery
    behavioral10

    • Target

      Setup/Installer/data/cash/cef.pak

    • Size

      3.9MB

    • MD5

      4290bf19c70db819b4ca7a80ebabca3c

    • SHA1

      2aaefa1183234d661f9e82ba40bd3c58e106d42b

    • SHA256

      fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a

    • SHA512

      c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944

    • SSDEEP

      49152:AifgEQsYrV5qkNod4aRyuz+wwJbeuR/oSHPwolWhHHerLA5ZLCtWuAqK1pP/1HHj:fyubjHHE6GniBfyu

    Score
    3/10
    execution
    behavioral11

    • Target

      Setup/Installer/data/cash/cef_100_percent.pak

    • Size

      637KB

    • MD5

      20c53b63527023e3bc2300fe83e62941

    • SHA1

      0dccc5c4fa3e79cb258406050eeda2c224b6ce31

    • SHA256

      65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7

    • SHA512

      ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22

    • SSDEEP

      6144:YL/o1WxN1IZavfTx5bPQmdw45k1YCSxg0M/7OY1Ywlst+:w/o1GLx5PdTI0gRjpct+

    Score
    7/10
    discoveryexecutionpersistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Modifies system executable filetype association

      persistence
    behavioral12

    • Target

      Setup/Installer/data/cash/libcef.dll

    • Size

      67.2MB

    • MD5

      b5936413e69ce35fb354fe0f8d2cdf30

    • SHA1

      2922a763711c0547e314aa9fe188743b7dba15cc

    • SHA256

      d5dc7e48951b2e48a3495d859310c2918a9ce1cbb3eff6115d41fd5073f6a991

    • SHA512

      602b77069e6a330d01e2698a0361043543c6d882f37adb1b128bd3e5e82c92b962f18dc8987247f989d04e407fdb6f5ceb0295ba8c1361cc4dd2ed52336a031e

    • SSDEEP

      1572864:kxSb8ZVjnswYv83QURH3ZqpFD1A0Xsw1f2L4xl+U:kob87iAgfUkb

    Score
    3/10
    discovery
    behavioral13

    • Target

      Setup/Installer/dllhelper64.dll

    • Size

      228KB

    • MD5

      e4c67cc149ca5fa61382f8654409feee

    • SHA1

      408931b18d31562fe9f3419d7663a1cafcc7f65f

    • SHA256

      f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6

    • SHA512

      49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b

    • SSDEEP

      1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy

    Score
    1/10
    behavioral14

    • Target

      Setup/Installer/resources/AdobePIM.dll

    • Size

      2.1MB

    • MD5

      beb8e03bb664c6715efb2523d48a10a8

    • SHA1

      a366eef76eb31fca69c0e4ad9f4ca1c8747dbf87

    • SHA256

      e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf

    • SHA512

      36b291fc2b808cec4668fb091f80afcdcadc7dec464b3da4364ac6213657378626fd12cd9e578206c9d3293aeb07e9b9807c9ef5576da1f1a1b2dfb4990b695d

    • SSDEEP

      49152:g15hDTdnSb8oibZAPxoVxBFxo8GMcsNWsniXNTOfZ1D8LnU24M:g15hndnSOOyxBjo8GMcsNWtS1inUK

    Score
    4/10
    discovery
    behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks