Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
-
Size
369KB
-
Sample
240112-24gp1agcf4
-
MD5
2c8f35dd97166057ed6c064771e26c13
-
SHA1
a0a9ca5ee34bf0be421885fe8a138d8593140604
-
SHA256
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
-
SHA512
f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2
-
SSDEEP
6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C
Static task
static1
Behavioral task
behavioral1
Sample
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://dnalnoomnus.ru/index.php
https://dnalnoomnus.ru/index.php
Targets
-
-
Target
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
-
Size
369KB
-
MD5
2c8f35dd97166057ed6c064771e26c13
-
SHA1
a0a9ca5ee34bf0be421885fe8a138d8593140604
-
SHA256
29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
-
SHA512
f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2
-
SSDEEP
6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-