General

  • Target: 55ef36a8f7ef96aa74573f0a220ab947ae750da1c94338ab1fcf2d27bd1350ec
  • Size: 1.3MB
  • Sample: 230910-nfjmssgf5t
  • MD5: 26b37a2386fdce9e1d296a633866d1ee
  • SHA1: af40e360242c26fd678bd44a2a28d7fca4a534dc
  • SHA256: 55ef36a8f7ef96aa74573f0a220ab947ae750da1c94338ab1fcf2d27bd1350ec
  • SHA512: 77625c86ede7c4651fb4e35e7242bd669d4c2531ba2291e31005c628c57dfb9bb85cc48bb616257de72f5d68c147006596e6674782526c7ad88981c0c54cf7aa
  • SSDEEP: 24576:bkDv6+AqPvwiNC6KjGmn4SyMcfsc/AAQsY2+K2duQTBJ:ADv6+A4vwiNTklnoucMsYI2HJ

Malware Config

Extracted

  • Family: redline
  • Botnet: virad
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 434dd63619ca8bbf10125913fb40ca28

Extracted

  • Family: smokeloader
  • Version: 2022
  • C2: http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks