Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
-
Size
316KB
-
Sample
221222-yx9wesfb56
-
MD5
c699ec8c7082761b49bdb613c2a96728
-
SHA1
f8f1618417446712d6609615f2832757fbc17222
-
SHA256
e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
-
SHA512
c7788205afac4f2e6b397d40ca86e16506f4b9b4c6c32e6d96a9bbed7f7f7944c2c4a2dba0d1a426253deb79287d1967126d3d8ac190c56f28b82a67255f0873
-
SSDEEP
6144:vI9LAP/wIoWfpTESxuCRVVrkkiRR0cSpQTtyzsduHNIv:w9kP/wIxNESxusV9iRR0TCtyYduHNI
Malware Config
Targets
-
-
Target
e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
-
Size
316KB
-
MD5
c699ec8c7082761b49bdb613c2a96728
-
SHA1
f8f1618417446712d6609615f2832757fbc17222
-
SHA256
e73ca8ae1135189de67f9cc132ab43578c3d34141f080eb936e6aab82c0cf021
-
SHA512
c7788205afac4f2e6b397d40ca86e16506f4b9b4c6c32e6d96a9bbed7f7f7944c2c4a2dba0d1a426253deb79287d1967126d3d8ac190c56f28b82a67255f0873
-
SSDEEP
6144:vI9LAP/wIoWfpTESxuCRVVrkkiRR0cSpQTtyzsduHNIv:w9kP/wIxNESxusV9iRR0TCtyYduHNI
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-