General

  • Target

    553ed1c32456c7ba998e802e16f976818eb109e7b194315f53a6f2348fe043deexe_JC.exe

  • Size

    1.4MB

  • Sample

    230910-md3r8agc61

  • MD5

    3e9f5ccb5cc6d82c05885e486fd26a1a

  • SHA1

    138d23e2b58e47babd2aa08b818810efb0ec400c

  • SHA256

    553ed1c32456c7ba998e802e16f976818eb109e7b194315f53a6f2348fe043de

  • SHA512

    d764f7ade65d3e4a26af69c6ce8243ea8439fbcc6ae377340d2654cac0c32e31fed149d2bff1ebfd560a2219d1f4465a6b52c22ce161928c7d5c8119cf0daa72

  • SSDEEP

    24576:KhCiwZbvySPSHn0WeFvRs8NSk7rlQUp7Xg4XA17qB6bUDhMnMETq9yszVkGughj:ICiAan0WeFpxnyc7X3msNy22GBj

Malware Config

Extracted

  • Family

    redline

  • Botnet

    virad

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 434dd63619ca8bbf10125913fb40ca28

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://77.91.68.29/fks/

  • rc4.i32

  • rc4.i32

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
