General

  • Target

    d9803cde12f0fc948f07fd2d5c17ce545fdbbabdf21b268dac3a793d60592d59

  • Size

    1.3MB

  • Sample

    230910-j8cmqsfg94

  • MD5

    f21bb93fa8c2ccff705ef4e9b4780330

  • SHA1

    2ef202f73e6b762a262bd3ecaad805a342914ba9

  • SHA256

    d9803cde12f0fc948f07fd2d5c17ce545fdbbabdf21b268dac3a793d60592d59

  • SHA512

    c22ad9bcc85aaf30dde020cac70fc531fb296be3d0b11c5d5b701b0ed3f3037d0eae762d816c7ce1313f5509ac6b0dd18cf847c304b2cd46cdb72343a0d5e324

  • SSDEEP

    24576:QysmvbWIU/qbTsMcLDTZpiNFR1yYBoO7I9LQPdKlu/cjBBrhdo+V3kTbtwJ:WmvyI20T5cLnZw91jBoOsLOKlIAVxJ

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

Attributes

  • rc4.i32

  • rc4.i32

Targets

    • Target

      d9803cde12f0fc948f07fd2d5c17ce545fdbbabdf21b268dac3a793d60592d59

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks