General

  • Target

    41335a1ea9867a360ae46195ef310072a9a144636907f3577eb04b748270b43e

  • Size

    1.3MB

  • Sample

    230910-phq1bsha39

  • MD5

    66722869d2962985e07f8800d85c98e2

  • SHA1

    2caaa5ffe88fcf6478beb4fe47092ac3f00829a4

  • SHA256

    41335a1ea9867a360ae46195ef310072a9a144636907f3577eb04b748270b43e

  • SHA512

    c4deb3af013c1fa51dd9a7ad86e6355498e92c64656d3a800953ba18e5ffbb972110f77d23d7139cdfbf6e9c95c3f5e7eb00c860e36c741c755523ec5812e8b4

  • SSDEEP

    24576:HcWCWqX2vLJS7+35HvBegZVblqVBcmzsh1o/7zcc72XpXAYaccEMQ9lQEcoagN1:8WCWqaLJLHvBegLbAVBPQJkYRrHRN1

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks