General

  • Target: 356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
  • Size: 176KB
  • Sample: 221206-bmwvgsea78
  • MD5: 14fe2c844616c7685a3a2601c7884794
  • SHA1: 3d00e6dc7dd4ccd82bf0b4e74cc9b797647b4c7e
  • SHA256: ed14486603cc232368e9b0650bd90163bbeec4f068aa4722926b0c4bf8683335
  • SHA512: 804cd9d2b980cbf6b5645ca149076757d571f6975e0ae601cb2cef808549505f6f8bf44fef0a2c87c58b026b04e57a98d2e15c8dcb62f2856d6d513f941ec32a
  • SSDEEP: 3072:Rmor9OlCc02OA83aBFMaHl4eIwJ+6+Owsbe7blHf8SZeZaEmX+bPaQoVARETb/C:IorgCc02OArBSeIlawF/ZeZDZboVAREa

Malware Config

Targets

    • Target: 356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
    • Size: 274KB
    • MD5: 9b06106ec7ddfd36fe6092c40dd042d7
    • SHA1: b966830e4ff4cfb180810f4bf461cbab1c42be61
    • SHA256: 356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
    • SHA512: e48b1d47ac5af6a8602d59083e206113c774b2b06af0a3a21cdebb120f4511c1dcdec801e0352bda1e872c924c99cd8c41316cf45cc8c2cb77c508b7085443ef
    • SSDEEP: 6144:8ZexVJOnbkxGFPKKK4awFYh5wIDcudniiJVS:8clMbaGLa7DcudniiJVS

    • Detects Smokeloader packer
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks