General

  • Target

    71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0

  • Size

    227KB

  • Sample

    221221-pnh7nscc46

  • MD5

    a9f127a12daffee261db244461d88d4d

  • SHA1

    87c3daaeb52d3752cfe2490f2bd50fa4aa662c18

  • SHA256

    71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0

  • SHA512

    d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522

  • SSDEEP

    6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68

Malware Config

Targets

    • Target

      71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0

    • Size

      227KB

    • MD5

      a9f127a12daffee261db244461d88d4d

    • SHA1

      87c3daaeb52d3752cfe2490f2bd50fa4aa662c18

    • SHA256

      71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0

    • SHA512

      d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522

    • SSDEEP

      6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
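The signatures above are behavioural: each one is the result of matching registry, file and API activity recorded during the run against a rule. The block below is an added example of that kind of matching and is not tria.ge's own signature engine or any code from the sample. It runs a small rule set over a constructed sandbox event stream (the events, process ids and the specific registry keys and file paths are assumptions chosen to illustrate the report's signature names; the report itself does not list which keys or files the sample touched) and flags the process-hollowing style sequence behind "Suspicious use of SetThreadContext" only when SetThreadContext targets a child the sample created suspended and then wrote to, so a SetThreadContext call on an unrelated process is not flagged.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed sandbox event stream (assumed data, not taken from the report).
#   kind "reg":  registry key read/enumerated by pid
#   kind "file": file opened/read by pid
#   kind "api":  API call by pid against a target process id (flags for CreateProcess*)
EVENTS = [
    {"kind": "reg",  "pid": 1000, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "reg",  "pid": 1000, "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "reg",  "pid": 1000, "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "reg",  "pid": 1000, "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001"},
    {"kind": "reg",  "pid": 1000, "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # no rule matches
    {"kind": "file", "pid": 1000, "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file", "pid": 1000, "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"kind": "file", "pid": 1000, "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"kind": "file", "pid": 1000, "path": r"C:\Users\u\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"},
    # Hollowing-style sequence against a freshly created, suspended child (pid 2000)
    {"kind": "api", "pid": 1000, "name": "CreateProcessW", "target": 2000, "flags": CREATE_SUSPENDED},
    {"kind": "api", "pid": 1000, "name": "NtUnmapViewOfSection", "target": 2000},
    {"kind": "api", "pid": 1000, "name": "WriteProcessMemory", "target": 2000},
    {"kind": "api", "pid": 1000, "name": "SetThreadContext", "target": 2000},
    {"kind": "api", "pid": 1000, "name": "ResumeThread", "target": 2000},
    # SetThreadContext on a process the sample never created suspended: must not fire
    {"kind": "api", "pid": 1000, "name": "SetThreadContext", "target": 3000},
]

# Signature names are the report's; the key/path patterns are assumed examples.
REG_RULES = [
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Outlook\\Profiles(\\|$)", re.I)),
    ("Accesses Microsoft Outlook accounts",
     re.compile(r"\\9375CFF0413111d3B88A00104B2A6676(\\|$)", re.I)),
]
FILE_RULES = [
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     re.compile(r"\\(Electrum\\wallets|Bitcoin\\wallet\.dat|Exodus\\exodus\.wallet)(\\|$)", re.I)),
    ("Accesses 2FA software files, possible credential harvesting",
     re.compile(r"\\Authy Desktop\\", re.I)),
]


def classify(events):
    """Return {signature name: [evidence, ...]} for every signature the events support."""
    hits = defaultdict(list)
    suspended = set()  # (parent pid, child pid) pairs created with CREATE_SUSPENDED
    written = set()    # suspended children that then received WriteProcessMemory
    for ev in events:
        if ev["kind"] == "reg":
            for sig, rx in REG_RULES:
                if rx.search(ev["path"]):
                    hits[sig].append(ev["path"])
        elif ev["kind"] == "file":
            for sig, rx in FILE_RULES:
                if rx.search(ev["path"]):
                    hits[sig].append(ev["path"])
        elif ev["kind"] == "api":
            key = (ev["pid"], ev["target"])
            name = ev["name"]
            # Stateful rule: create suspended -> write memory -> set thread context
            if name.startswith("CreateProcess") and ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(key)
            elif name == "WriteProcessMemory" and key in suspended:
                written.add(key)
            elif name == "SetThreadContext" and key in written:
                hits["Suspicious use of SetThreadContext"].append(
                    f"pid {ev['pid']} set thread context of suspended child {ev['target']} after writing its memory")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in classify(EVENTS).items():
        print(f"{sig}:")
        for item in evidence:
            print(f"    {item}")
```

The registry and file rules are stateless pattern matches, so they fire per event and a single key read is enough evidence; the SetThreadContext rule is deliberately stateful, because SetThreadContext alone is used legitimately by debuggers and runtimes and only becomes a hollowing indicator in the create-suspended, write, set-context sequence.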

MITRE ATT&CK Enterprise v6

Tasks
