Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cb36894a3120fb5f7c510a4a512a3afd02cf9eee4738aea162db6ae35379f3bcexe_JC.exe

  • Size

    1.4MB

  • Sample

    230910-m3zrvsge5z

  • MD5

    dd0b14b1a014231980a5b51acc414da7

  • SHA1

    50b071b6dda483c10e7bb88ed391f655a86c31bd

  • SHA256

    cb36894a3120fb5f7c510a4a512a3afd02cf9eee4738aea162db6ae35379f3bc

  • SHA512

    be4e46366930a8c1fd8809c05865f60757107ccbb5bc79c69e8031ce7471883c163d18ba94d9953d8bc1132fe7a87691708a8976b2a761f9a6cb10ace1bdb270

  • SSDEEP

    24576:ITCI5zSJd/z8sNwu8Kuey+wrRv6WMV0t0X7L3kCc51t7O9+ZiGyOGzHYv2HMi7j:sCI5zM+u8KueyF6WMy82Zi0GzQ8j

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Target

      cb36894a3120fb5f7c510a4a512a3afd02cf9eee4738aea162db6ae35379f3bcexe_JC.exe

    • Size

      1.4MB

    • MD5

      dd0b14b1a014231980a5b51acc414da7

    • SHA1

      50b071b6dda483c10e7bb88ed391f655a86c31bd

    • SHA256

      cb36894a3120fb5f7c510a4a512a3afd02cf9eee4738aea162db6ae35379f3bc

    • SHA512

      be4e46366930a8c1fd8809c05865f60757107ccbb5bc79c69e8031ce7471883c163d18ba94d9953d8bc1132fe7a87691708a8976b2a761f9a6cb10ace1bdb270

    • SSDEEP

      24576:ITCI5zSJd/z8sNwu8Kuey+wrRv6WMV0t0X7L3kCc51t7O9+ZiGyOGzHYv2HMi7j:sCI5zM+u8KueyF6WMy82Zi0GzQ8j

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks