General
Target: 5be8da92bbff6083c03ebd4ecaabc4ed278adb79cb7db5a5e9f87e4c4bb09214
Size: 2.1MB
Sample: 231212-h73l4aacb9
MD5: f3cac5103d38bba4da239b96b2942a09
SHA1: 8a6c58dcddffbb9f3d89d86a897ffe060ce3e394
SHA256: a512e0733a49fbe9dc0d0f68c3b7c6e5437943cbb1b79b3580484ad04343174b
SHA512: a72454ef4ff8f3f1c2b69b58a3822e8f0c71b34493e6370ea406af5c17b8710bfbeb189716b69c777472916ca85a605969a9b1aa7cafe3e4ad7c715287284c0b
SSDEEP: 49152:bfsm8BmgFl3cQ5JamIgXrT2YSst4wGjM79S0Z/fKiGZZfDGThF+e+snEH:bglPJHIgWYSst+j09rfKiGjDsk
Static task: static1
Behavioral task: behavioral1
  Sample: 5be8da92bbff6083c03ebd4ecaabc4ed278adb79cb7db5a5e9f87e4c4bb09214.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 5be8da92bbff6083c03ebd4ecaabc4ed278adb79cb7db5a5e9f87e4c4bb09214.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: risepro
  193.233.132.51
Extracted: smokeloader
  2022
  http://81.19.131.34/fks/index.php
Extracted: redline
  LiveTraffic
  77.105.132.87:17066
Extracted: smokeloader
  up3
Extracted: redline
  @oleh_ps
  176.123.7.190:32927
Targets
Target: 5be8da92bbff6083c03ebd4ecaabc4ed278adb79cb7db5a5e9f87e4c4bb09214
Size: 2.2MB
MD5: eb7b0397d806590058cdf4c61f838f32
SHA1: b03b8aaa57d9a924a057ee7d8c1b8ed86c4a8f06
SHA256: 5be8da92bbff6083c03ebd4ecaabc4ed278adb79cb7db5a5e9f87e4c4bb09214
SHA512: 70e8bc8a7d1858554935a07a77fd3129bac11df20691da3d6804fd36f189ed52670056a3bc6cae7fd95a0122ccc255f63480a55c53d0c96a3acb0a35baa04b2c
SSDEEP: 49152:Wpnm+9Bf3c65jsmEyXLB2YSctaUFP959ZfTKoEZjzNgBjgK+srO:mBfnjlEyEYSctp95zTKoEJNo

Signatures
Detect ZGRat V1
PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
  Install Root Certificate (1)