General
Target: f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354
Size: 304KB
Sample: 230716-ldtc4seg3t
MD5: 64e0748282e1523bda43f4b47275c423
SHA1: 30445369ca037cba270443089c8aa5f671214144
SHA256: f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354
SHA512: cffc0691bc60b0ae316f5e7aa427b7be8c54021d127064eff9fd2ec16fc5f0374b8e013f38a890ff47f05cccbf8f5f260eedde23b219a0eb9b99f1bcabce43ad
SSDEEP: 3072:kxtLlBWxn3t7vY+D5rbbOEoUGb+kXz5CjKWwlgZDGW:4Ll0x3t7A+NrbiEo5bfXILFG
Static task: static1
Behavioral task: behavioral1
Sample: f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted family: smokeloader
Version: 2022
C2:
- http://potunulit.org/
- http://hutnilior.net/
- http://bulimu55t.net/
- http://soryytlic4.net/
- http://novanosa5org.org/
- http://nuljjjnuli.org/
- http://tolilolihul.net/
- http://somatoka51hub.net/
- http://hujukui3.net/
- http://bukubuka1.net/
- http://golilopaster.org/
- http://newzelannd66.org/
- http://otriluyttn.org/
Extracted family: amadey
Version: 3.83
C2: 5.42.65.80/8bmeVwqx/index.php
Extracted family: redline
Botnet: 150723_rc_11
C2: rcam15.tuktuk.ug:11290
auth_value: 0b3645317afbcac212f68853bb45b46d
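The three extracted configs use three different C2 notations: SmokeLoader gives full URLs, Amadey a bare IP with a path, RedLine a host:port pair. As an added example that is not part of the tria.ge report, the script below normalizes all of them into one indicator set and matches it against connection records; the indicator strings are the ones listed above, while the log lines, the log format and the match rule (port must match only for host:port indicators) are constructed assumptions.

```python
"""Added example: normalize the C2 indicators from the extracted configs and
match them against connection records. Indicator strings are those listed in
the report; the log lines and log format below are constructed."""
import ipaddress
from urllib.parse import urlsplit

# Family -> raw C2 strings, copied from the Malware Config section.
EXTRACTED = {
    "smokeloader": [
        "http://potunulit.org/", "http://hutnilior.net/", "http://bulimu55t.net/",
        "http://soryytlic4.net/", "http://novanosa5org.org/", "http://nuljjjnuli.org/",
        "http://tolilolihul.net/", "http://somatoka51hub.net/", "http://hujukui3.net/",
        "http://bukubuka1.net/", "http://golilopaster.org/", "http://newzelannd66.org/",
        "http://otriluyttn.org/",
    ],
    "amadey": ["5.42.65.80/8bmeVwqx/index.php"],
    "redline": ["rcam15.tuktuk.ug:11290"],
}


def normalize(family, raw):
    """Parse one raw C2 string (full URL, host/path, or host:port) into a
    dict with host, kind (ip/domain), port, path and whether the port is
    part of the indicator (true only for the bare host:port form)."""
    text = raw if "://" in raw else "//" + raw  # force urlsplit to see a netloc
    parts = urlsplit(text)
    host = parts.hostname
    port = parts.port
    if port is None and parts.scheme == "http":
        port = 80
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {
        "family": family, "host": host, "kind": kind, "port": port,
        "path": parts.path or None,
        "port_required": parts.scheme == "" and parts.port is not None,
    }


def indicators(extracted=EXTRACTED):
    """Flatten every family's C2 list into normalized indicators."""
    return [normalize(fam, raw) for fam, raws in extracted.items() for raw in raws]


# Constructed connection records: "<timestamp> <src_ip> <dst_host> <dst_port>".
SAMPLE_LOG = [
    "2023-07-16T10:00:01Z 10.0.0.12 potunulit.org 80",
    "2023-07-16T10:00:02Z 10.0.0.12 5.42.65.80 80",
    "2023-07-16T10:00:03Z 10.0.0.12 rcam15.tuktuk.ug 11290",
    "2023-07-16T10:00:04Z 10.0.0.12 rcam15.tuktuk.ug 443",
    "2023-07-16T10:00:05Z 10.0.0.12 example.com 443",
]


def match_connections(lines, iocs=None):
    """Return (ts, src, family, dst, port) for each record whose destination
    host is an indicator. For host:port indicators (RedLine) the port must
    match too, so unrelated traffic to a shared host does not fire."""
    by_host = {}
    for ioc in iocs if iocs is not None else indicators():
        by_host.setdefault(ioc["host"], []).append(ioc)
    hits = []
    for line in lines:
        ts, src, dst, dport = line.split()
        for ioc in by_host.get(dst.lower(), []):
            if ioc["port_required"] and int(dport) != ioc["port"]:
                continue
            hits.append((ts, src, ioc["family"], dst, int(dport)))
    return hits


if __name__ == "__main__":
    for hit in match_connections(SAMPLE_LOG):
        print(hit)
```

Run against real proxy or Zeek conn logs you would resolve the destination name the client actually used (SNI or Host header) rather than the IP, since SmokeLoader's domains here are all port-80 HTTP and can move between hosting IPs.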
Targets
Target: f553b29198c8ef1b25c256ee812d319a7e279bb3b52c5a77d83121c0bb1cd354
Signatures
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
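The "Downloads MZ/PE file" signature fires when content fetched by the sample carries a valid PE header. As an added illustration (not the sandbox's own signature logic, and not code from the analysed file), the check below validates the MZ stub, the e_lfanew pointer, the PE signature and the optional-header magic, then scans a download body for a PE that a dropper has hidden behind leading junk; the sample bytes come from a constructed helper and the 4 KiB scan limit is an assumed tuning value.

```python
"""Added example: check whether downloaded bytes carry a valid MZ/PE header,
and locate a PE embedded in a larger download body. Sample bytes are built by
a constructed helper, not taken from the analysed file."""
import struct

IMAGE_FILE_DLL = 0x2000
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def looks_like_pe(data: bytes):
    """Return (True, info) for a plausible PE header, else (False, reason).
    Validates the DOS 'MZ' magic, the e_lfanew pointer at 0x3C, the PE
    signature, and the optional-header magic; sections are not parsed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, "no MZ magic"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data):            # signature + COFF header + magic
        return False, "e_lfanew out of range"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature"
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 2:
        return False, "missing optional header"
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if magic not in OPTIONAL_MAGIC:
        return False, "bad optional header magic"
    return True, {"machine": machine, "sections": nsect,
                  "arch": OPTIONAL_MAGIC[magic], "dll": bool(chars & IMAGE_FILE_DLL)}


def find_pe(payload: bytes, limit: int = 4096):
    """Offset of the first valid PE header within the first `limit` bytes of a
    download body (some droppers prepend junk or an HTML stub), or -1."""
    off = payload.find(b"MZ")
    while 0 <= off < limit:
        if looks_like_pe(payload[off:])[0]:
            return off
        off = payload.find(b"MZ", off + 1)
    return -1


def build_stub(magic: int = 0x10B, machine: int = 0x8664, chars: int = 0x0022):
    """Constructed minimal header: DOS stub, PE signature, COFF header and the
    optional-header magic only. Not a loadable file, just enough to test."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew right after stub
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xF0, chars)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    print(looks_like_pe(build_stub()))
    print(find_pe(b"<html>junk</html>" + build_stub(magic=0x20B)))
```

A check this shallow is the right shape for a network or sandbox signature: it rejects HTML error pages and text that merely contains "MZ", and it does not try to load the image, so malformed headers cannot crash the detector.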