Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3d75e7230bf434ceff8710174ee115b8.exe

  • Size

    285KB

  • Sample

    231129-q9khasgf49

  • MD5

    3d75e7230bf434ceff8710174ee115b8

  • SHA1

    6db9c713d70d8f3715db9ef4139669d8d110c4e9

  • SHA256

    6c4aaf39142db9f2d3adc6f3a90d986a55fd54273be564d61a4cc229e55131af

  • SHA512

    3ae69eb16c4866b89b9a4ff48f75ea4bbed5d39ae63f2e4c3b51d04af6137b3ba9e11e17818f0afeb788abbae060256b936a1ff626497b181990328a4b6cf3b8

  • SSDEEP

    6144:vyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAO0Jb8CuZoHI66G:vyU1K9pv6RZH2nuZn66G

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://194.49.94.210/fks/index.php

rc4.i32
1
0x4b3b02b6
rc4.i32
1
0x6ea683ed

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691

Extracted

Family

redline

Botnet

LiveTraffic

C2

195.10.205.16:2245

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes
  • payload_urls

    https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Targets

    • Target

      3d75e7230bf434ceff8710174ee115b8.exe

    • Size

      285KB

    • MD5

      3d75e7230bf434ceff8710174ee115b8

    • SHA1

      6db9c713d70d8f3715db9ef4139669d8d110c4e9

    • SHA256

      6c4aaf39142db9f2d3adc6f3a90d986a55fd54273be564d61a4cc229e55131af

    • SHA512

      3ae69eb16c4866b89b9a4ff48f75ea4bbed5d39ae63f2e4c3b51d04af6137b3ba9e11e17818f0afeb788abbae060256b936a1ff626497b181990328a4b6cf3b8

    • SSDEEP

      6144:vyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAO0Jb8CuZoHI66G:vyU1K9pv6RZH2nuZn66G

    • Detect ZGRat V1

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.