General

  • Target

    f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354

  • Size

    304KB

  • Sample

    230716-ldtc4seg3t

  • MD5

    64e0748282e1523bda43f4b47275c423

  • SHA1

    30445369ca037cba270443089c8aa5f671214144

  • SHA256

    f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354

  • SHA512

    cffc0691bc60b0ae316f5e7aa427b7be8c54021d127064eff9fd2ec16fc5f0374b8e013f38a890ff47f05cccbf8f5f260eedde23b219a0eb9b99f1bcabce43ad

  • SSDEEP

    3072:kxtLlBWxn3t7vY+D5rbbOEoUGb+kXz5CjKWwlgZDGW:4Ll0x3t7A+NrbiEo5bfXILFG

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

  • rc4.i32

Extracted

  • Family

    amadey

  • Version

    3.83

  • C2

    5.42.65.80/8bmeVwqx/index.php

Extracted

  • Family

    redline

  • Botnet

    150723_rc_11

  • C2

    rcam15.tuktuk.ug:11290

Attributes
  • auth_value

    0b3645317afbcac212f68853bb45b46d

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account information stealer.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.
