General
- Target: 727f0f9bde4d92d1650cd6745153a610625f2d8138f2a0f8a0a0d3606fc4a945
- Size: 922KB
- Sample: 230920-cgmkasde3y
- MD5: d2f17310913cf9736d2786c2cdc1eaaf
- SHA1: aae6b53e291ef3ba6bc853a38419319c28142ba1
- SHA256: 727f0f9bde4d92d1650cd6745153a610625f2d8138f2a0f8a0a0d3606fc4a945
- SHA512: c1e52177e2992e9fb53ebf6bb10b58c4f1874632781090d17f55fd1c5b2703ec3aff523e0ba10651d3ec1c771a6b3b4bebb5ae91a64137c922060bc5570be513
- SSDEEP: 12288:ylsnnx2dAVuu9i4ytnfZFbZVfV5TjzxTvob43IubL5SnwmadLCAek:gsnx2dAV99i4yttV/33NmNA5
Static task: static1
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: smokeloader, up3
- Extracted: smokeloader, 2020, http://host-file-host6.com/, http://host-host-file8.com/
Targets
- Target: 727f0f9bde4d92d1650cd6745153a610625f2d8138f2a0f8a0a0d3606fc4a945
- Detect Fabookie payload
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext