Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
9devexec.zip
windows7-x64
6devexec.zip
windows10-2004-x64
10devexec/Bo...07.exe
windows7-x64
10devexec/Bo...07.exe
windows10-2004-x64
10devexec/bin/api.dll
windows7-x64
3devexec/bin/api.dll
windows10-2004-x64
3devexec/de...07.exe
windows7-x64
10devexec/de...07.exe
windows10-2004-x64
10devexec/de...pi.dll
windows7-x64
3devexec/de...pi.dll
windows10-2004-x64
3General
-
Target
devexec.zip
-
Size
38.1MB
-
Sample
240929-tqhfda1cpj
-
MD5
99c2b6dfb4e472e398623a28a3ce09cb
-
SHA1
d5631461421dd89ba441090c3950111665c65b69
-
SHA256
403b1c1beea21cf4f778efd7ad30faf14ecefcd192e99912c9676401c7695a9e
-
SHA512
33142e73b45bebcc626fccfbdef33d9240b8f01d2f5b58d93296f249af091c002687f633a00ceb1a8a304e7e2c066ea86614fe8ff1d466f818f2a7c44c5d578e
-
SSDEEP
786432:Y9JMLusOkhflEH9JMLusOkhflRVNyVDNTGsVVsNh3brIXpa+XqDCyGzsmtruuwCa:Y9WqknI9WqknUZKsVVsNh/IXpEeBzsms
Behavioral task
behavioral1
Sample
devexec.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
devexec.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
devexec/Bootstrapper 1.07.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
devexec/Bootstrapper 1.07.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
devexec/bin/api.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
devexec/bin/api.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
devexec/devexec/Bootstrapper 1.07.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
devexec/devexec/Bootstrapper 1.07.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
devexec/devexec/bin/api.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
devexec/devexec/bin/api.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
devexec.zip
-
Size
38.1MB
-
MD5
99c2b6dfb4e472e398623a28a3ce09cb
-
SHA1
d5631461421dd89ba441090c3950111665c65b69
-
SHA256
403b1c1beea21cf4f778efd7ad30faf14ecefcd192e99912c9676401c7695a9e
-
SHA512
33142e73b45bebcc626fccfbdef33d9240b8f01d2f5b58d93296f249af091c002687f633a00ceb1a8a304e7e2c066ea86614fe8ff1d466f818f2a7c44c5d578e
-
SSDEEP
786432:Y9JMLusOkhflEH9JMLusOkhflRVNyVDNTGsVVsNh3brIXpa+XqDCyGzsmtruuwCa:Y9WqknI9WqknUZKsVVsNh/IXpEeBzsms
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
devexec/Bootstrapper 1.07.exe
-
Size
310KB
-
MD5
66e2659120cbf66a1d60e63e76c941d6
-
SHA1
d38f3933adb3e70a4f4878fd9388d1f6941981dc
-
SHA256
816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378
-
SHA512
734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2
-
SSDEEP
6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
devexec/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -
-
-
Target
devexec/devexec/Bootstrapper 1.07.exe
-
Size
310KB
-
MD5
66e2659120cbf66a1d60e63e76c941d6
-
SHA1
d38f3933adb3e70a4f4878fd9388d1f6941981dc
-
SHA256
816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378
-
SHA512
734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2
-
SSDEEP
6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
devexec/devexec/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2