General

  • Target

    03d2f72080a0ea3481802a20a4ffdf73.bin

  • Size

    931KB

  • Sample

    231212-bc36tadec3

  • MD5

    03d2f72080a0ea3481802a20a4ffdf73

  • SHA1

    9acb31e5216f4baafc1ee23c2a8e76a199e7f5d6

  • SHA256

    d3423d506c9ccc5f5ec5b4acf13716c4387cdc2d61f34b6a6e47dce65b2c9f2a

  • SHA512

    db8ccfbd645e5d18935bb12fc57bd790f9e2ba05504f89f6fc97e90f1533ff42f5e11e2be552ea9fb8d7493daeedddd9547108ca41146bf5e7269e67931efdd2

  • SSDEEP

    12288:Qo3KQe7S/+322Ghabdq399BObcCiZFU6d5WDAWHKVbnIGWBuhNy3xXJsMB:9KO/+3HGhabdO9pe6f8/SMPLBX+MB

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:17066

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Targets

    • Target

      03d2f72080a0ea3481802a20a4ffdf73.bin

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks