Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
55cc830f41f9e74fbcfe2259d304c99b.bin
-
Size
312KB
-
Sample
240111-cyhbxacggq
-
MD5
55cc830f41f9e74fbcfe2259d304c99b
-
SHA1
f72fd071a6df30d6b0f145463ed4fe2f7d248e2b
-
SHA256
e6e106a5206be28f2b76c0190d3c1ba85d4f4bf759babd66c64d9a17a4219ddb
-
SHA512
293f62b48bda53c1d575636d30813cbb49865ee0d67302c001db3b1fec1de22a8fd2ae3945eca10903e15ee579e5ca22599fb8fb5a03594f593144c36c3aa131
-
SSDEEP
3072:rjEaOZ+J2LBo0V/NqF4wDa98Egq4IlmWUkbKUGn9zSw5n2iT9BARTYFkc:rSZ/LS0xNKr+9vdlm6bKUGnZnT3Fk
Malware Config
Extracted
smokeloader
2022
http://selebration17io.io/index.php
http://vacantion18ffeu.cc/index.php
http://valarioulinity1.net/index.php
http://buriatiarutuhuob.net/index.php
http://cassiosssionunu.me/index.php
http://sulugilioiu19.net/index.php
http://goodfooggooftool.net/index.php
http://legdfls2369.com/index.php
http://fpodsp0532xc.com/index.php
http://gucc352093520.com/index.php
Extracted
smokeloader
autm
Targets
-
-
Target
55cc830f41f9e74fbcfe2259d304c99b.bin
-
Size
312KB
-
MD5
55cc830f41f9e74fbcfe2259d304c99b
-
SHA1
f72fd071a6df30d6b0f145463ed4fe2f7d248e2b
-
SHA256
e6e106a5206be28f2b76c0190d3c1ba85d4f4bf759babd66c64d9a17a4219ddb
-
SHA512
293f62b48bda53c1d575636d30813cbb49865ee0d67302c001db3b1fec1de22a8fd2ae3945eca10903e15ee579e5ca22599fb8fb5a03594f593144c36c3aa131
-
SSDEEP
3072:rjEaOZ+J2LBo0V/NqF4wDa98Egq4IlmWUkbKUGn9zSw5n2iT9BARTYFkc:rSZ/LS0xNKr+9vdlm6bKUGnZnT3Fk
Score10/10-
Detect Vidar Stealer
-
Detect ZGRat V1
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-