General

  • Target

    29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a

  • Size

    369KB

  • Sample

    240112-24gp1agcf4

  • MD5

    2c8f35dd97166057ed6c064771e26c13

  • SHA1

    a0a9ca5ee34bf0be421885fe8a138d8593140604

  • SHA256

    29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a

  • SHA512

    f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2

  • SSDEEP

    6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://dnalnoomnus.ru/index.php

    https://dnalnoomnus.ru/index.php

  • rc4.i32

  • rc4.i32

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks