General

  • Target: SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
  • Size: 194KB
  • Sample: 221107-fppamscban
  • MD5: 1f7c02bd3eb53ee754b0c67c74cceec0
  • SHA1: 18e72b462474521a212c0b0ece294d89cfc9b3d7
  • SHA256: fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1
  • SHA512: 4e81983e8058ccf3e966bb664c33a8f5910e34800a10105fb46448b3172c83c6af9aa55cf1ccd8458ca1ddf24717eb83c439f22f1ddc12dfd9265cc21dfdcacf
  • SSDEEP: 6144:0Uj/wkaLFBG5XddZTnzFFoXEPkua5AxQbI:0qNm2BnzFbkuaB8

Malware Config

Targets

    • Detects Smokeloader packer
    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
    • Loads dropped DLL
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks