Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b54032fc01363b6a3dc2378196c4bc4c
-
Size
4.8MB
-
Sample
240305-vznt7acc2w
-
MD5
b54032fc01363b6a3dc2378196c4bc4c
-
SHA1
c8d3b054ace51f4d59d5f774d690b92b672ac593
-
SHA256
79d64ca8a0ebef312050fb2a06a68d246aa0acacb30764da9af8fdbc5f821d0a
-
SHA512
b66b08e4323c430e7274c8dbb0ea75b1040d1b42191d92e7466c56900839e4f31301a058f0192ff7fc7287fd918e59c0b6d6ecdefb61d396c0c6176f91926571
-
SSDEEP
98304:yurQAZvwDAU9lMnvJ7Y1f8kPon/ox2agN1LwZ+x2vc8DHI9MdoB:yMEDflMnvmf8kPIoyN1LwEkPHI2w
Static task
static1
Behavioral task
behavioral1
Sample
b54032fc01363b6a3dc2378196c4bc4c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b54032fc01363b6a3dc2378196c4bc4c.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
setup_installer.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
setup_installer.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
nullmixer
http://sornx.xyz/
Extracted
privateloader
http://37.0.10.214/proxies.txt
http://37.0.10.244/server.txt
http://wfsdragon.ru/api/setStats.php
37.0.10.237
Extracted
smokeloader
pub6
Extracted
smokeloader
2020
http://aucmoney.com/upload/
http://thegymmum.com/upload/
http://atvcampingtrips.com/upload/
http://kuapakualaman.com/upload/
http://renatazarazua.com/upload/
http://nasufmutlu.com/upload/
Extracted
vidar
40.1
706
https://eduarroma.tumblr.com/
-
profile_id
706
Extracted
redline
pub1
viacetequn.site:80
Extracted
cryptbot
bunhiv18.top
morkix01.top
-
payload_url
http://tobdol01.top/download.php?file=lv.exe
Targets
-
-
Target
b54032fc01363b6a3dc2378196c4bc4c
-
Size
4.8MB
-
MD5
b54032fc01363b6a3dc2378196c4bc4c
-
SHA1
c8d3b054ace51f4d59d5f774d690b92b672ac593
-
SHA256
79d64ca8a0ebef312050fb2a06a68d246aa0acacb30764da9af8fdbc5f821d0a
-
SHA512
b66b08e4323c430e7274c8dbb0ea75b1040d1b42191d92e7466c56900839e4f31301a058f0192ff7fc7287fd918e59c0b6d6ecdefb61d396c0c6176f91926571
-
SSDEEP
98304:yurQAZvwDAU9lMnvJ7Y1f8kPon/ox2agN1LwZ+x2vc8DHI9MdoB:yMEDflMnvmf8kPIoyN1LwEkPHI2w
-
CryptBot payload
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
setup_installer.exe
-
Size
4.8MB
-
MD5
8e88e9762c2c7020225ef6c369f2ef0e
-
SHA1
15eb5c3f205e19471d3e60322efbddc2e8b2792e
-
SHA256
e847b7593382c56f6443caea1929e4657e8706a0e55deda227ab98231bde7667
-
SHA512
3bdeebd9e7f0e1895eebd6d749e9195903fa5e9dfab620e2e50fa719878680106c1f03925cf3fdb4bebbe98b72b6350ccedba6405c03f367591a8741bf8e53da
-
SSDEEP
98304:xRCvLUBsggNYhWYlw2Cs5llZA9PYJKmt6jFeQXhkYN3g0bM/1Tfe:x6LUCggNSlPllZAZI9t6sQ2fe
-
CryptBot payload
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1