General

  • Target

    77fd1326d6d6e5ee9204229b87b37abb2c9a4edac91ac7dfb0c596540ec0ea69

  • Size

    301KB

  • Sample

    221229-h3zpmsce64

  • MD5

    db01217ca2c9943b3770de9f4c2ef5e1

  • SHA1

    0026acad260ad52ca2ffe9f57b26ad7661b2a1f4

  • SHA256

    77fd1326d6d6e5ee9204229b87b37abb2c9a4edac91ac7dfb0c596540ec0ea69

  • SHA512

    5caf9d151ff1bfa2975199ace8d8273aa11d1659ce888dd02256a56cea8345bbdbaa5448efb46a2607b0c243e5a3c42ddda9c77e6a7d6fc878cb8b7c5616fc3f

  • SSDEEP

    6144:YIUHhLM8EGyKpXyB9r9vPw7n1HbwZoV9J:2BA8fFXyB9rlw7

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks