General

  • Target

    a255965b5cd3193944c90a3e1c574ec568d049f569972520773ca9bb597d0105

  • Size

    327KB

  • Sample

    230109-y4f7paff36

  • MD5

    dd2184835ef5a02a58d037a393c270ce

  • SHA1

    4f172d237ac68b6e3af972e43066d0b3f0cb7806

  • SHA256

    a255965b5cd3193944c90a3e1c574ec568d049f569972520773ca9bb597d0105

  • SHA512

    b49a2568d9a19e4b13a0c128d591b7e415b98c9fb5c5a9b6a360673ed7c9d896172ae9962f51a5aac8c326e5b5c08a9b8ada9cc74f8578963a11900e678a73bb

  • SSDEEP

    3072:GXOdT7bRKVEMSH5sI55ihIyTAZMgUB/b5mAwUq/HldnywF7zkuWdjJrht1Lw8dVR:umbRK6H5VMgUXhzaH/b+THh7mf/o

Targets

    • Target

      a255965b5cd3193944c90a3e1c574ec568d049f569972520773ca9bb597d0105

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
