General

  • Target: b270ce779ab0039ad0cb3f635ebf56589d71ba7e02f0238ec05777c37e1e358d
  • Size: 213KB
  • Sample: 221015-r5h94sfgb2
  • MD5: e4b8e1635d88b7a450d1514b6324b907
  • SHA1: c2d351c6f805fd435bd1de5df0b4b4fd112d1678
  • SHA256: b270ce779ab0039ad0cb3f635ebf56589d71ba7e02f0238ec05777c37e1e358d
  • SHA512: ffcd9feb3c6bf62b993a714fbd54d9562f34678e8e79f4fd45f69b334a086e710cdc04e42169aaf8eec60d9b9391fcf1aae3db88585ce64549a0df7071c6d7f2
  • SSDEEP: 3072:mRDXp0nzyLyFFMugJ0MlRl5odAoDotleqHGQSRto0KNUguzWBC:e7/LyFbM/65kGLvo0gUguzWBC

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks