General
Target: 454640108e7e678973900d46841b4e9c7b71ac62b1b6724f22cb7b3811a255d8
Size: 552KB
Sample: 231111-kw4fcscg5t
MD5: 4bb6be151146e7472f49d014845b7312
SHA1: a20c781abc3cd977571c7ae907dcf9c02bde5919
SHA256: 454640108e7e678973900d46841b4e9c7b71ac62b1b6724f22cb7b3811a255d8
SHA512: 00b1b9989b3e9d102c684d98ad0923e1912e81ee49dd817f2d77ebc4f37c27efbdb1fbe125b582332875ab4f8b8e6cd1df52344c35ca79bc3fdc86ed53405a6b
SSDEEP: 12288:aMrry90f0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6ku4ak:JyaiaaewIsgCQGIgYDiok
Static task: static1
Behavioral task: behavioral1
Sample: 454640108e7e678973900d46841b4e9c7b71ac62b1b6724f22cb7b3811a255d8.exe
Resource: win10-20231020-en
Malware Config
Extracted: smokeloader
  2022
  http://5.42.92.190/fks/index.php
Extracted: redline
  pixelnew2.0
  194.49.94.11:80
Extracted: smokeloader
  up3
Targets
Target: 454640108e7e678973900d46841b4e9c7b71ac62b1b6724f22cb7b3811a255d8
Size: 552KB
Signatures
- Detect ZGRat V1
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.