General

  • Target

    8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3

  • Size

    942KB

  • Sample

    231102-m6vmbaag8z

  • MD5

    379d348302348eba377eabc50774ec21

  • SHA1

    3d89637c459d860046904719099d81376a8776b0

  • SHA256

    8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3

  • SHA512

    4cf48652713c1da024da7509c6aba860e3f2999163c4e8d060d96a6e3bd4ecb01f90399d754ad1b4f7ae23455be6e68afd0b7a6be5e2093890b4da84a372ac6d

  • SSDEEP

    12288:Q7XART2E/mNwqKbov27C9OV266iq00ARW8jvBvGg5FEzzWuM1E476:EXARtmNw3bov27HVW3IRW8jP5FE3y7

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

plost

C2

77.91.124.86:19084

Targets

    • Target

      8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3

    • Size

      942KB

    • MD5

      379d348302348eba377eabc50774ec21

    • SHA1

      3d89637c459d860046904719099d81376a8776b0

    • SHA256

      8fc3eaaeef86a910684f2ef65057434c09ce75df675195b862544f31b1887fc3

    • SHA512

      4cf48652713c1da024da7509c6aba860e3f2999163c4e8d060d96a6e3bd4ecb01f90399d754ad1b4f7ae23455be6e68afd0b7a6be5e2093890b4da84a372ac6d

    • SSDEEP

      12288:Q7XART2E/mNwqKbov27C9OV266iq00ARW8jvBvGg5FEzzWuM1E476:EXARtmNw3bov27HVW3IRW8jP5FE3y7

    • Detected google phishing page

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks