General
Target: a57bfc9a2b593515a6191435aed7a148d0ee23d95cc95e5e5710e460fa3edb22
Size: 2.1MB
Sample: 231212-cdf84sdadr
MD5: a288fb42bda7ce0e096bab0de0b801ec
SHA1: ae188730843a3631d765201a7dd3c43f0eb2d160
SHA256: 5156ed7ccf46d2d1f016435d30c5fca0059afd23cf544d26806a2d7cb94429e4
SHA512: 292d6eee93a4337b92ed45edfcbdb99db06a442a187080120d14bdbbf800d82ea1e413c9ec018a1866a117c0beec409bee7c55ce24b872039e6580b8a9e249b1
SSDEEP: 49152:jso3GnxmzASuou17K7JWJL8+br39imVoze9b:Io3GnxYHRu1W7IK+bz9iIj9b
Static task: static1
Behavioral task: behavioral1
  Sample: a57bfc9a2b593515a6191435aed7a148d0ee23d95cc95e5e5710e460fa3edb22.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: a57bfc9a2b593515a6191435aed7a148d0ee23d95cc95e5e5710e460fa3edb22.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: risepro
  193.233.132.51
Extracted: smokeloader
  2022
  http://81.19.131.34/fks/index.php
Extracted: redline
  LiveTraffic
  77.105.132.87:17066
Extracted: smokeloader
  up3
Extracted: redline
  @oleh_ps
  176.123.7.190:32927
Targets
Target: a57bfc9a2b593515a6191435aed7a148d0ee23d95cc95e5e5710e460fa3edb22
Size: 2.2MB
MD5: 9e3ab2a5b1a38b0c64fefb75c573072f
SHA1: 762cf01886780951a7c0db676a6f224578625952
SHA256: a57bfc9a2b593515a6191435aed7a148d0ee23d95cc95e5e5710e460fa3edb22
SHA512: 119547257a39cc7ae64266fe4397942c90c5896953e03cbbd127c740d0e857309a26ea130cb76e8c02749078cb8cce03b07bdf2bca6be96763e98386854d36da
SSDEEP: 49152:t+elgBxORESmKsl7Kz1lcfL8Mbxf9KmVeJyM5l:UelgBx87xslWz1+AMb59KI/O
Signatures
PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
  Install Root Certificate (1)