General

  • Target: 2e6bea0f83ebe6b4a523b65774c5b256cecdd866dfa85497f7c7f52769906b63
  • Size: 229KB
  • Sample: 221223-t35rfabh7z
  • MD5: c8319250371b63dba3aa715ba1d942f5
  • SHA1: 89b5f7790b6a393a4e645989049938da6a791ce0
  • SHA256: 2e6bea0f83ebe6b4a523b65774c5b256cecdd866dfa85497f7c7f52769906b63
  • SHA512: 0511c56aedb0dfe9c4bb8a96fa3f07cd174901d1240b880a459819f41d2eb54d381113d872801c39f19e37c3765f2d012a35461bea2fb1308340072acaa2c8d6
  • SSDEEP: 3072:8Aw/1CLeTjtUpIyATSpWCwvC7RotTzXtAhu+oukzDV1vWBkOuRGK:o9CLIOpQupWjCOtT7tAIuk11vpjcK

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks