Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
326288e784f015e92b191f5a9f0fa00874531b544f691f677417e5eee658033c.zip
-
Size
1.1MB
-
Sample
240402-mbbkysef3w
-
MD5
4fa754f19d104d5a7a086744e7d01625
-
SHA1
a4fb0d5b3ab014f5009ea67737f7b4b3f339f860
-
SHA256
bcd060a104ecec57b5c4d0d21833c5d56933c759f6f686512dffc7cd458bd1ba
-
SHA512
634a0cadf033f1abb14a0fdf7eb560503bf64940bdc1b506c0fee3c85ccfcebaaa77845b0f60386778142f20169d2ab877ee3d28e69b354247d4edea08f76c10
-
SSDEEP
24576:A4bYzD0uI6CXhwqAETndFqhs4lr4dUw1YIuev4yugFqfCeOAAPaTeMBAPIa2PwE5:A3f036CRoundM24lrsUidVv4yul7WTc9
Static task
static1
Behavioral task
behavioral1
Sample
326288e784f015e92b191f5a9f0fa00874531b544f691f677417e5eee658033c.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
supera
77.91.124.82:19071
Targets
-
-
Target
326288e784f015e92b191f5a9f0fa00874531b544f691f677417e5eee658033c.exe
-
Size
1.2MB
-
MD5
b086189007b4e0cf08063542a96a8aee
-
SHA1
4c40dde0e25fc2ea893a54334649eff267f3186b
-
SHA256
326288e784f015e92b191f5a9f0fa00874531b544f691f677417e5eee658033c
-
SHA512
b0654b6d76a9084e53120e155f1f75a7bdb020be07287388e41d766d3ec91aec5cb377c731665af4ede4fe6ec6e33a158929a4d4681a877b0a1ab886c5a0d25c
-
SSDEEP
24576:kyFXCc8RaNMhF4dPyoYp+VdSsjndO4FgOy+Tql7+4fbMi17IxD:zFR8RaehQyFp+bS0njl+lq4f
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1