Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

3d75e7230b...b8.exe

windows7-x64

3d75e7230b...b8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3d75e7230bf434ceff8710174ee115b8.exe

  • Size

    285KB

  • Sample

    231129-q9khasgf49

  • MD5

    3d75e7230bf434ceff8710174ee115b8

  • SHA1

    6db9c713d70d8f3715db9ef4139669d8d110c4e9

  • SHA256

    6c4aaf39142db9f2d3adc6f3a90d986a55fd54273be564d61a4cc229e55131af

  • SHA512

    3ae69eb16c4866b89b9a4ff48f75ea4bbed5d39ae63f2e4c3b51d04af6137b3ba9e11e17818f0afeb788abbae060256b936a1ff626497b181990328a4b6cf3b8

  • SSDEEP

    6144:vyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAO0Jb8CuZoHI66G:vyU1K9pv6RZH2nuZn66G

Score
10/10
eternitygluptebaredlinesmokeloaderzgrat@ytlogsbotlivetrafficup3backdoordiscoverydropperevasioninfostealerloaderratspywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://194.49.94.210/fks/index.php

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691

Extracted

Family

redline

Botnet

LiveTraffic

C2

195.10.205.16:2245

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes
  • payload_urls

    https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Targets

    • Target

      3d75e7230bf434ceff8710174ee115b8.exe

    • Size

      285KB

    • MD5

      3d75e7230bf434ceff8710174ee115b8

    • SHA1

      6db9c713d70d8f3715db9ef4139669d8d110c4e9

    • SHA256

      6c4aaf39142db9f2d3adc6f3a90d986a55fd54273be564d61a4cc229e55131af

    • SHA512

      3ae69eb16c4866b89b9a4ff48f75ea4bbed5d39ae63f2e4c3b51d04af6137b3ba9e11e17818f0afeb788abbae060256b936a1ff626497b181990328a4b6cf3b8

    • SSDEEP

      6144:vyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAO0Jb8CuZoHI66G:vyU1K9pv6RZH2nuZn66G

    Score
    10/10
    gluptebaredlinesmokeloaderzgrat@ytlogsbotlivetrafficup3backdoordiscoverydropperevasioninfostealerloaderratspywarestealertrojaneternity

    • Detect ZGRat V1

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks