Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
17/11/2023, 19:12
231117-xwf2aaeb6w 1013/11/2023, 20:48
231113-zlyjpafe33 1011/11/2023, 00:27
231111-asanrsce88 1026/10/2023, 01:21
231026-bqq4eaae92 1017/10/2023, 19:09
231017-xt332ahd24 1014/10/2023, 18:16
231014-wwjlqsgc23 1008/10/2023, 21:51
231008-1qgmeagc31 1003/10/2023, 17:46
231003-wckppaed21 10General
-
Target
New Text Document.exe
-
Size
4KB
-
Sample
231008-1qgmeagc31
-
MD5
a239a27c2169af388d4f5be6b52f272c
-
SHA1
0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
-
SHA256
98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
-
SHA512
f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
-
SSDEEP
48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt
Static task
static1
Behavioral task
behavioral1
Sample
New Text Document.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
up3
Extracted
raccoon
5ff7bc68b712d0b2c95bc2d831e79eaf
http://45.15.156.141:80
-
user_agent
SunShineMoonLight
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
formbook
4.1
sy22
vinteligencia.com
displayfridges.fun
completetip.com
giallozafferrano.com
jizihao1.com
mysticheightstrail.com
fourseasonslb.com
kjnala.shop
mosiacwall.com
vandistreet.com
gracefullytouchedartistry.com
hbiwhwr.shop
mfmz.net
hrmbrillianz.com
funwarsztat.com
polewithcandy.com
ourrajasthan.com
wilhouettteamerica.com
johnnystintshop.com
asgnelwin.com
alcmcyu.com
thwmlohr.click
gypseascuba.com
mysonisgaythemovie.com
sunriseautostorellc.com
fuhouse.link
motorcycleglassesshop.com
vaskaworldairways.com
qixservice.online
b2b-scaling.com
03ss.vip
trishpintar.com
gk84.com
omclaval.com
emeeycarwash.com
wb7mnp.com
kimgj.com
278809.com
summitstracecolumbus.com
dryadai.com
vistcreative.com
weoliveorder.com
kwamitikki.com
cjk66.online
travisline.pro
mercardosupltda.shop
sunspotplumbing.com
podplugca.com
leontellez.com
fzturf.com
docomo-mobileconsulting.com
apneabirmingham.info
rollesgraciejiujitsu.com
sx15k.com
kebobcapital.com
91967.net
claudiaduverglas.com
zhperviepixie.com
oliwas.xyz
flowersinspace.tech
uadmxqby.click
greatbaitusa.com
drpenawaraircondhargarahmah.com
sofbks.top
sarthaksrishticreation.com
Extracted
stealc
http://5.42.65.39
-
url_path
/bed95ea4798a5204.php
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
Extracted
redline
cheat
54.91.200.119:80
Targets
-
-
Target
New Text Document.exe
-
Size
4KB
-
MD5
a239a27c2169af388d4f5be6b52f272c
-
SHA1
0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
-
SHA256
98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
-
SHA512
f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
-
SSDEEP
48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt
-
Detect Poverty Stealer Payload
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Glupteba payload
-
Raccoon Stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Formbook payload
-
Downloads MZ/PE file
-
Stops running service(s)
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Uses the VBS compiler for execution
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1