General
- Target: 4a28a9fb79adb9da7201c8a4ce3e343107cbded79527f062ceda14b75547c2a5
- Size: 534KB
- Sample: 230921-qpre4sgc3t
- MD5: 7d372993bef0a7cf08a16b31f89a1828
- SHA1: bb870ae3b4f70685e115646c5d32efc4b15dd90b
- SHA256: 4a28a9fb79adb9da7201c8a4ce3e343107cbded79527f062ceda14b75547c2a5
- SHA512: 8e4b4d45cc602270a42decaecb4f990864fdf1ad5bf164a2b1b1364149c4a28af36d4841eb362f00ab6f010390d8ec3c36ab276b27b101e6c4bfbd10b1bd5e8c
- SSDEEP: 6144:PL+AUxvdjNgBoHFIZ0YesFZITJuUQnErKQf9fV:vQNg2FTJuUQnEG8V
Static task: static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext