General
Target: a6f85a21523cc9ffdd385b00dafc8bd9.exe
Size: 931KB
Sample: 231211-cjk49aabhn
MD5: a6f85a21523cc9ffdd385b00dafc8bd9
SHA1: 32937c3cc04f5bc867c8754ca650ef5161da9210
SHA256: ffa5036ac28ddf219766bee866974128fcd7f1f2afd77736adf4749871346466
SHA512: 2f8e552bb465d847bb904a1b0b62af2172a74f40419e735f11df93b2e282f7a64b9d0c3d570962dd39930f1d081a7c391da58774907614cfb77e39cf2be73e8f
SSDEEP: 12288:CoiKQe7S/+322Ghabdq399BObcCiZFU6d5WDAWHKVbnIGWBuhNy3qXDYMB:uKO/+3HGhabdO9pe6f8/SMPL6XUMB
Static task: static1
Behavioral task: behavioral1
  Sample: a6f85a21523cc9ffdd385b00dafc8bd9.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: a6f85a21523cc9ffdd385b00dafc8bd9.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: smokeloader
  Botnet: 2022
  C2: http://81.19.131.34/fks/index.php
Extracted: redline
  Botnet: LiveTraffic
  C2: 77.105.132.87:6731
Extracted: redline
  Botnet: @oleh_ps
  C2: 176.123.7.190:32927
Extracted: smokeloader
  Botnet: up3
Targets
Target: a6f85a21523cc9ffdd385b00dafc8bd9.exe (931KB; hashes as listed under General)
Signatures:
  RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine payload
  Downloads MZ/PE file
  Executes dropped EXE
  Suspicious use of SetThreadContext