Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

9

Executor/M...re.dll

windows7-x64

1

Executor/M...re.dll

windows10-2004-x64

1

Executor/M...ms.dll

windows7-x64

1

Executor/M...ms.dll

windows10-2004-x64

1

Executor/Xeno.exe

windows7-x64

10

Executor/Xeno.exe

windows10-2004-x64

10

Executor/l...pi.dll

windows7-x64

3

Executor/l...pi.dll

windows10-2004-x64

3

Executor/s...Dex.js

windows7-x64

3

Executor/s...Dex.js

windows10-2004-x64

3

Executor/s...eld.js

windows7-x64

3

Executor/s...eld.js

windows10-2004-x64

3

Executor/s...Env.js

windows7-x64

3

Executor/s...Env.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BооtstrарperV1.18.zip

  • Size

    59.5MB

  • Sample

    241013-e4bsestcjj

  • MD5

    1b4ef0d12daa39fd897de68f4518ec9f

  • SHA1

    0d497101be7b7df328002fea7199a86c1578265b

  • SHA256

    1f274b51237c717634a5ea765b2ef2db2f9625ddfdd5980dff45150c10f769bd

  • SHA512

    0aff2ecf68b9bf0bacd00743dcfad2f65f3dc95a08a33aa8dce87a65edda5bc980821299a8ce2ad3bc1c54c6942d6a301adf2bdf12e79e954c359c06203b1ab3

  • SSDEEP

    1572864:9kxHc7oAWLbGf3OH0Gtl2KGNyg9FkStS0PZ5Pj8yuLlopNzs:exHcYbaRGtlUt9WW81LOpN4

Score
10/10
redlinecryptonediscoveryexecutioninfostealerpackerspyware

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      Executor/Microsoft.Web.WebView2.Core.dll

    • Size

      557KB

    • MD5

      b037ca44fd19b8eedb6d5b9de3e48469

    • SHA1

      1f328389c62cf673b3de97e1869c139d2543494e

    • SHA256

      11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

    • SHA512

      fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

    • SSDEEP

      12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv

    Score
    1/10
    behavioral1behavioral2

    • Target

      Executor/Microsoft.Web.WebView2.WinForms.dll

    • Size

      37KB

    • MD5

      8153423918c8cbf54b44acec01f1d6c2

    • SHA1

      f0c3c5412b809725e6d4809230adb15cc7d83ad2

    • SHA256

      5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4

    • SHA512

      f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87

    • SSDEEP

      768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/

    Score
    1/10
    behavioral3behavioral4

    • Target

      Executor/Xeno.exe

    • Size

      940KB

    • MD5

      8cd91466705ef28b8a6d182630c60b50

    • SHA1

      8c0c79da29454ceb0735a118c44ae13d75e6f005

    • SHA256

      8ca88570597b59e3b7130ce6e5ffe5a238f053abd8d3b65ec4288ca8cd87a8f7

    • SHA512

      56341bb425ff3e30a7aa4319cbd916c2f1ff6d61aa3a9c8d8c5375f8df27711cac4474b1cf646afe19e38adb2aabd4a4c96ac0009d4d448d1c2dd9e79c18088f

    • SSDEEP

      24576:8hkCmQkV1bP02HbRX2AZj6egjU9TX28kptc0tCqE:86CvkV1bP02HbGegjKWPconE

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      Executor/locales/bin/api

    • Size

      18.7MB

    • MD5

      88fd7dbf04bcf75123d02009aea3f7f7

    • SHA1

      cecf16bdad71e54afc941179ea2b7438a04efa1d

    • SHA256

      01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

    • SHA512

      2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

    • SSDEEP

      393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      Executor/scripts/Dex.lua

    • Size

      410KB

    • MD5

      e37374a8aa47cf8ac6d56901436e199f

    • SHA1

      5d62f5db07614f3b548702faa4f7a06e235c9b12

    • SHA256

      47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14

    • SHA512

      efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775

    • SSDEEP

      6144:X+B5OQiY5mqWM4Kg9HHj/B7TjmmDLmogQcEZVTkJuMap1PBPY9ZSnJm7xoiZDDHQ:RQ90qWM4Kg9HHj/B7TjHKi

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      Executor/scripts/Infinite Yield.lua

    • Size

      464KB

    • MD5

      b7fd97a54c618754ceab75e8a5c2de10

    • SHA1

      feb96643a76f785177fa4e841b92e6a0af364180

    • SHA256

      784f1c6ac0d4a3abdce59e09b0e9b52da6c426136cf0bfd775445e8194b77ddc

    • SHA512

      078f305142e6b2d3300d249ba305897374e0d5a78e6db9ac902370b1eee433ee83322568735b3d82706fd1fc117dcbd3fe60ad5c2d8cada8deb36b2de6da7921

    • SSDEEP

      6144:OkrLwE7/2eTtOWGhzWtRNY9gIBuQulO7oFo5n4Xd9wDhoQhGZtUi8/1j304U48uH:OkrLwE4WG6NYQFOn4Xyipo

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      Executor/scripts/UNCCheckEnv.lua

    • Size

      28KB

    • MD5

      b76726d10354343d9af5c268e40b47c4

    • SHA1

      7103c78071be0c65c8b3a217168cf7909aef748e

    • SHA256

      e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5

    • SHA512

      5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb

    • SSDEEP

      768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p

    Score
    3/10
    execution
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.