General

  • Target

    882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0

  • Size

    1.3MB

  • Sample

    230910-myxrpsge76

  • MD5

    ba50d32199c3119f00e754fd73bd77c9

  • SHA1

    440e1ced4c69d11eb28efc277bfe0c053d97cd71

  • SHA256

    882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0

  • SHA512

    8fff9acb1322ed67402224cb449f1f18d59527531d05cfbba0172955be34ec1da510c195dc47a19adcbd16b06f38d9b16fe9f073730dd722a3275d9cbc565fc8

  • SSDEEP

    24576:wCIv6xXucXTu222Jz5csQjBPB+nEwTcg0QCyQcTP3jjDGrAz0lbRvtK5J:/Iv6IcXV5csQdiAg0QCyQefjjOAz0Dsn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    virad

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 434dd63619ca8bbf10125913fb40ca28

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://77.91.68.29/fks/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks