Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dba812d730d390e0bb94cd4eda8726a5b4634c706a836184bb45448c610e2b33
-
Size
310KB
-
Sample
221107-cfzhgaegcm
-
MD5
b0711fde98fc86bcd420e05b83bb2917
-
SHA1
7934c7f04b9327038a0be3d7055e3e1890eddcfb
-
SHA256
dba812d730d390e0bb94cd4eda8726a5b4634c706a836184bb45448c610e2b33
-
SHA512
ef9257df297a7c00e8016fac4dc091b996489b3b1f7bd6e9667193d0d14225d3ab7865cfbbdac2624a685c6ca8cbc6faa7bb0c22d9b2dd8a6040397fafe8c16a
-
SSDEEP
3072:5pdkSn9ikW+5re1qs2WD/dfGXp4+xJqcu4wIzAVZPOfnlTtXDwB8EN:eSnS0ST2WDcU4PfnlTtXDK5N
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
dba812d730d390e0bb94cd4eda8726a5b4634c706a836184bb45448c610e2b33
-
Size
310KB
-
MD5
b0711fde98fc86bcd420e05b83bb2917
-
SHA1
7934c7f04b9327038a0be3d7055e3e1890eddcfb
-
SHA256
dba812d730d390e0bb94cd4eda8726a5b4634c706a836184bb45448c610e2b33
-
SHA512
ef9257df297a7c00e8016fac4dc091b996489b3b1f7bd6e9667193d0d14225d3ab7865cfbbdac2624a685c6ca8cbc6faa7bb0c22d9b2dd8a6040397fafe8c16a
-
SSDEEP
3072:5pdkSn9ikW+5re1qs2WD/dfGXp4+xJqcu4wIzAVZPOfnlTtXDwB8EN:eSnS0ST2WDcU4PfnlTtXDK5N
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-