General
- Target: file
- Size: 1.1MB
- Sample: 231008-nez86adh67
- MD5: 8a1adc510fa96e48c8274255a0145917
- SHA1: f6f3b0feee7313db0f880f775ccedec94514ddc5
- SHA256: ed96c9649afe2141b7b7fe413f96f0206cbe20003e5f94ce0383f085502ea49b
- SHA512: 80bd5c79ba2f5f2c2737656f1a3faeeff048b59e10bc0afffc972d64de6c35e9b82f5994bc524c1f2587213081077c10ca2110bcff5acb5d3c9bfeb27997d4d2
- SSDEEP: 24576:YymJnb1nTBLutMb6QxCSUO6PxnOR/Z+kDuKeQyvCpHyFP:fWnb1ns2hr6Pxn2/Z+kDrZyvc
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20230831-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20230915-en)
Malware Config
- Extracted: redline, magia, C2 77.91.124.55:19071
- Extracted: smokeloader, 2022, C2 http://77.91.68.29/fks/
- Extracted: redline, lutyr, C2 77.91.124.55:19071
- Extracted: redline, @ytlogsbot, C2 176.123.4.46:33783
Targets
- Target: file, 1.1MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- DcRat: DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (3)
- Scripting (1)