General

  • Target: e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
  • Size: 316KB
  • Sample: 221222-yx9wesfb56
  • MD5: c699ec8c7082761b49bdb613c2a96728
  • SHA1: f8f1618417446712d6609615f2832757fbc17222
  • SHA256: e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
  • SHA512: c7788205afac4f2e6b397d40ca86e16506f4b9b4c6c32e6d96a9bbed7f7f7944c2c4a2dba0d1a426253deb79287d1967126d3d8ac190c56f28b82a67255f0873
  • SSDEEP: 6144:vI9LAP/wIoWfpTESxuCRVVrkkiRR0cSpQTtyzsduHNIv:w9kP/wIxNESxusV9iRR0TCtyYduHNI

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
