General

  • Target

    23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d

  • Size

    1.3MB

  • Sample

    230910-kd5wgafh25

  • MD5

    c0276f85f562267b52b87e82642956db

  • SHA1

    a34185c31839311ac7265b3d585f5f7e0b6d0aaa

  • SHA256

    23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d

  • SHA512

    3f75d6be382eb459c346b649271dbfccac48b903584efa56e53f5c494ae82efb24a30a5f4b9d08bc406a723d6bd622898fdd3bbdda782aeb08e6d175f440a652

  • SSDEEP

    24576:QA8GvbWfy/XudJl0m1wDO3DS64Db6A4eSYnN2sDVh4frj0gV5OMBD9LtEdDgvTsa:oGvyfy/edJl0mCDyDS6WW12N2oLWrLEM

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks