Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bd69802d17c0495539e31d37cad0cbb9
-
Size
3.4MB
-
Sample
240310-cr1jxahf87
-
MD5
bd69802d17c0495539e31d37cad0cbb9
-
SHA1
5f162b385ea318e517a266af1f92a56e3b561eb0
-
SHA256
bbb1867666dcd3898495a36ebec4d9a00c5c4c519eab587f530f5f5c6d80cb32
-
SHA512
4d42aec63f043e0e1f930a5c570de0d6c5f9be1f56caf99f5b7246d81bd7251b3030b9466195010f6dc020cf4d85fb9dbc17657941c09526a8475ca1cfe187ea
-
SSDEEP
98304:y8s9pUMEDVqWVZ5aa3X4rCkCVIfORksx0H:yhUTXVdX42kAyLt
Static task
static1
Behavioral task
behavioral1
Sample
bd69802d17c0495539e31d37cad0cbb9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bd69802d17c0495539e31d37cad0cbb9.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
setup_installer.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
setup_installer.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
nullmixer
http://marisana.xyz/
Extracted
redline
pab3
185.215.113.15:61506
Extracted
vidar
40
706
https://lenak513.tumblr.com/
-
profile_id
706
Extracted
smokeloader
pub6
Extracted
smokeloader
2020
http://aucmoney.com/upload/
http://thegymmum.com/upload/
http://atvcampingtrips.com/upload/
http://kuapakualaman.com/upload/
http://renatazarazua.com/upload/
http://nasufmutlu.com/upload/
Extracted
cryptbot
knudqw18.top
morzku01.top
-
payload_url
http://saryek01.top/download.php?file=lv.exe
Targets
-
-
Target
bd69802d17c0495539e31d37cad0cbb9
-
Size
3.4MB
-
MD5
bd69802d17c0495539e31d37cad0cbb9
-
SHA1
5f162b385ea318e517a266af1f92a56e3b561eb0
-
SHA256
bbb1867666dcd3898495a36ebec4d9a00c5c4c519eab587f530f5f5c6d80cb32
-
SHA512
4d42aec63f043e0e1f930a5c570de0d6c5f9be1f56caf99f5b7246d81bd7251b3030b9466195010f6dc020cf4d85fb9dbc17657941c09526a8475ca1cfe187ea
-
SSDEEP
98304:y8s9pUMEDVqWVZ5aa3X4rCkCVIfORksx0H:yhUTXVdX42kAyLt
-
CryptBot payload
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Vidar Stealer
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
setup_installer.exe
-
Size
3.4MB
-
MD5
15eb5a44613074dee64d6f25eceb66be
-
SHA1
a414befb2fdf6c508d4936f723f8b142828b2b16
-
SHA256
57f10efc739ec361aebc5282037d8013f39991d2f87ab144dd16e3cd63ed6999
-
SHA512
e749bfd0ccb846547bf2759b6c39515caded7103fb5197059f60321ba26dfc367f9e69f2b7f889173b330ee5342ff94a4b6aec69aee9cedf9eb040dbbafc27a4
-
SSDEEP
98304:xwCvLUBsgQPoIXHs02aorqdKmUzKDwXQXKV9fV:xNLUCgeoIXM0R3nUz8wrPfV
-
CryptBot payload
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Vidar Stealer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1