General

  • Target

    a6f85a21523cc9ffdd385b00dafc8bd9.exe

  • Size

    931KB

  • Sample

    231211-cjk49aabhn

  • MD5

    a6f85a21523cc9ffdd385b00dafc8bd9

  • SHA1

    32937c3cc04f5bc867c8754ca650ef5161da9210

  • SHA256

    ffa5036ac28ddf219766bee866974128fcd7f1f2afd77736adf4749871346466

  • SHA512

    2f8e552bb465d847bb904a1b0b62af2172a74f40419e735f11df93b2e282f7a64b9d0c3d570962dd39930f1d081a7c391da58774907614cfb77e39cf2be73e8f

  • SSDEEP

    12288:CoiKQe7S/+322Ghabdq399BObcCiZFU6d5WDAWHKVbnIGWBuhNy3qXDYMB:uKO/+3HGhabdO9pe6f8/SMPL6XUMB

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:6731

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Extracted

Family

smokeloader

Botnet

up3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
