General

  • Target

    5add51a8c4b5a8837dddb0598dbcac4d2f3cb19e478306c73b6b4aaf3e061076

  • Size

    284KB

  • Sample

    220929-wnyqpacegp

  • MD5

    81918bfb41d256be7d2a45f13a2d7f85

  • SHA1

    98f4a13c6fd5f4b78872f7fbabeb2f7c60e01f4c

  • SHA256

    5add51a8c4b5a8837dddb0598dbcac4d2f3cb19e478306c73b6b4aaf3e061076

  • SHA512

    37cec5f62bba53a32402fa87040c29bf723df741cab4f9c5f411a4aebf5ef2f42e29af4162ef5a17f77dba5b4a8831c3b4cb58a50c48666af6ffff8e136566d4

  • SSDEEP

    3072:wXhLVElCqcvA/3p/PN5+FtkJCvyQ8rZr4TMv4hh41WrxpzbgqruO0K6zkCsMpZaM:krEn4tkJCmRm41uzbgwuO0AMwVfgzL
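
The hashes above are what you compare a local copy of the sample against before doing anything with it. The following is an added example, not code from the tria.ge page: it recomputes MD5, SHA1, SHA256 and SHA512 with the standard library, checks them against the report values, and sanity-checks the ssdeep signature's structure (block size must be 3 * 2^k and the two chunks must be base64 characters). It does not recompute the ssdeep digest itself, which needs the ssdeep/ppdeep package; the `REPORT` dictionary is copied from the General section, and any file path given on the command line is the reader's own.

```python
import hashlib
import re
from typing import Dict, Tuple

# Values copied from the report's General section above.
REPORT: Dict[str, str] = {
    "target": "5add51a8c4b5a8837dddb0598dbcac4d2f3cb19e478306c73b6b4aaf3e061076",
    "md5": "81918bfb41d256be7d2a45f13a2d7f85",
    "sha1": "98f4a13c6fd5f4b78872f7fbabeb2f7c60e01f4c",
    "sha256": "5add51a8c4b5a8837dddb0598dbcac4d2f3cb19e478306c73b6b4aaf3e061076",
    "sha512": "37cec5f62bba53a32402fa87040c29bf723df741cab4f9c5f411a4aebf5ef2f4"
              "2e29af4162ef5a17f77dba5b4a8831c3b4cb58a50c48666af6ffff8e136566d4",
    "ssdeep": "3072:wXhLVElCqcvA/3p/PN5+FtkJCvyQ8rZr4TMv4hh41WrxpzbgqruO0K6zkCsMpZaM"
              ":krEn4tkJCmRm41uzbgwuO0AMwVfgzL",
}
HASHES = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory blob, computed in one pass over the data."""
    hs = {name: hashlib.new(name) for name in HASHES}
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def digests_of_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as digests() but streamed, so a large sample is never fully in memory."""
    hs = {name: hashlib.new(name) for name in HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def verify(data: bytes, report: Dict[str, str]) -> Dict[str, bool]:
    """Which of the report's hashes match the given bytes (hex case-insensitive)."""
    got = digests(data)
    return {name: got[name] == report[name].lower() for name in HASHES}


# blocksize:chunk:double-block-chunk; chunks use the base64 alphabet.
SSDEEP_RE = re.compile(r"^(\d+):([0-9A-Za-z+/]*):([0-9A-Za-z+/]*)$")


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split a ssdeep signature and check the block size is one ssdeep can
    produce: 3 * 2**k (3, 6, 12, ... 3072, ...)."""
    m = SSDEEP_RE.match(sig)
    if not m:
        raise ValueError("not a blocksize:chunk:chunk signature")
    bs = int(m.group(1))
    q = bs // 3
    if bs < 3 or bs % 3 or q & (q - 1):
        raise ValueError(f"block size {bs} is not 3*2^k")
    return bs, m.group(2), m.group(3)


def is_valid_ssdeep(sig: str) -> bool:
    try:
        parse_ssdeep(sig)
        return True
    except ValueError:
        return False


def report_is_consistent(report: Dict[str, str]) -> bool:
    """Internal checks on the report itself: every digest is lowercase hex of the
    right length, the target name is the SHA256 (as it is on this page), and the
    ssdeep signature is well formed."""
    hex_ok = all(len(report[n]) == HEX_LEN[n] and re.fullmatch(r"[0-9a-f]+", report[n])
                 for n in HASHES)
    return bool(hex_ok) and report["target"] == report["sha256"] and is_valid_ssdeep(report["ssdeep"])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a local copy of the sample (reader-supplied)
        got = digests_of_file(sys.argv[1])
        for name in HASHES:
            print(f"{name:7} {'OK ' if got[name] == REPORT[name] else 'BAD'} {got[name]}")
    print("report self-consistent:", report_is_consistent(REPORT))
```

Run it with the path of the downloaded sample to get an OK/BAD line per hash; without arguments it only checks the report's own values for consistency. The page lists the size as a rounded "284KB", so the script deliberately does not compare byte counts.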

Malware Config

Targets

    • Target

      5add51a8c4b5a8837dddb0598dbcac4d2f3cb19e478306c73b6b4aaf3e061076

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

      The process removes its own executable after running, so the dropper is no longer on disk for later file-system triage.

    • Suspicious use of SetThreadContext

      SetThreadContext was called in a way the sandbox associates with code injection: rewriting another thread's register context (typically the initial thread of a process created suspended, after writing into it) is how process hollowing redirects execution into injected code. The API also has legitimate uses, such as debuggers, which is why the signature is labelled suspicious rather than malicious.
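
The two behavioural signatures above are heuristics over the API trace the sandbox records. As an added illustration (not tria.ge's own signature code, whose logic the page does not show), the following Python runs a minimal version of both checks over a constructed API trace: "Suspicious use of SetThreadContext" fires when the sample creates a child suspended, writes into it, then sets the context of that child's initial thread; "Deletes itself" fires when the sample deletes its own image directly or through a spawned command line. The event tuple layout, the pids and the paths are assumptions made for the demo, not values from the report.

```python
import re
from typing import Dict, List, Set, Tuple

CREATE_SUSPENDED = 0x00000004  # CreateProcess creation flag

# Constructed trace events: (caller pid, API name, arguments).
# The shape is an assumption for this demo, not the sandbox's export format.
Event = Tuple[int, str, Dict]
SAMPLE_PID = 1000
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"  # constructed

# The classic hollowing sequence followed by a delayed self-delete.
HOLLOW_TRACE: List[Event] = [
    (1000, "CreateProcessW", {"path": r"C:\Windows\explorer.exe",
                              "flags": CREATE_SUSPENDED, "pid": 2000, "tid": 2001}),
    (1000, "VirtualAllocEx", {"pid": 2000, "size": 0x20000}),
    (1000, "WriteProcessMemory", {"pid": 2000, "size": 0x20000}),
    (1000, "SetThreadContext", {"tid": 2001}),
    (1000, "ResumeThread", {"tid": 2001}),
    (1000, "ShellExecuteW", {"cmd": f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE_PATH}"'}),
]

# Benign-looking trace: a normally created child, SetThreadContext on the
# sample's own thread (debugger-style), and deletion of an unrelated temp file.
BENIGN_TRACE: List[Event] = [
    (1000, "CreateProcessW", {"path": r"C:\Windows\notepad.exe",
                              "flags": 0, "pid": 3000, "tid": 3001}),
    (1000, "SetThreadContext", {"tid": 1001}),
    (1000, "DeleteFileW", {"path": r"C:\Users\Admin\AppData\Local\Temp\tmp1.dat"}),
]


def suspicious_setthreadcontext(trace: List[Event], self_pid: int) -> List[int]:
    """Return child pids whose suspended initial thread had its context set by
    the sample after the sample wrote into that child: the hollowing pattern."""
    suspended: Dict[int, int] = {}  # tid -> child pid created with CREATE_SUSPENDED
    written: Set[int] = set()       # child pids that received WriteProcessMemory
    hits: List[int] = []
    for pid, api, a in trace:
        if pid != self_pid:
            continue
        if api == "CreateProcessW" and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended[a["tid"]] = a["pid"]
        elif api == "WriteProcessMemory":
            written.add(a["pid"])
        elif api == "SetThreadContext":
            child = suspended.get(a["tid"])
            if child in written:
                hits.append(child)
    return hits


DEL_RE = re.compile(r"\bdel\b", re.IGNORECASE)


def deletes_itself(trace: List[Event], self_pid: int, self_path: str) -> bool:
    """True if the sample removes its own image, directly or via a spawned
    command line. The 'ping ... & del' form is common because a mapped image
    cannot be deleted while the process is still running."""
    target = self_path.lower()
    for pid, api, a in trace:
        if pid != self_pid:
            continue
        if api == "DeleteFileW" and a.get("path", "").lower() == target:
            return True
        cmd = a.get("cmd", "")
        if cmd and DEL_RE.search(cmd) and target in cmd.lower():
            return True
    return False


def run_signatures(trace: List[Event], self_pid: int, self_path: str) -> Set[str]:
    """Names of the signatures (as they appear in the report) that fire on a trace."""
    hits: Set[str] = set()
    if suspicious_setthreadcontext(trace, self_pid):
        hits.add("Suspicious use of SetThreadContext")
    if deletes_itself(trace, self_pid, self_path):
        hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    print("hollow trace:", run_signatures(HOLLOW_TRACE, SAMPLE_PID, SAMPLE_PATH))
    print("benign trace:", run_signatures(BENIGN_TRACE, SAMPLE_PID, SAMPLE_PATH))
```

The benign trace is there to show why the check keys on the suspended-child-plus-write sequence rather than on the API name alone: a SetThreadContext on a thread the sample never injected into produces no hit.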

MITRE ATT&CK Enterprise v6

Tasks