General
- Target: 0x0007000000015eb8-116.dat
- Size: 37KB
- Sample: 231211-cc4m1sbcd4
- MD5: 146d0ae26c8dfce1eb4180bcafcf0b4e
- SHA1: 28b777ada164b6f76cf2b63d08e917e75ddce0c0
- SHA256: f58af54f280b12db6e729112d697c5e18a3fbf2309b7711a687c0381c9f4d170
- SHA512: b1b341f508628378d9c4763366b9b7586fe898117666c992b66ff6be1266759bd57b4914ded582adda47e9fc56dea039e8d8d8efa03a3fabd1524f08ae9675c8
- SSDEEP: 768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Behavioral tasks
- behavioral1: Sample 0x0007000000015eb8-116.exe; Resource win7-20231020-en
- behavioral2: Sample 0x0007000000015eb8-116.exe; Resource win10v2004-20231127-en
Malware Config
- Extracted: smokeloader; Version 2022; C2 http://81.19.131.34/fks/index.php
- Extracted: redline; Botnet LiveTraffic; C2 77.105.132.87:6731
Targets
- Target: 0x0007000000015eb8-116.dat
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.