General

  • Target

    6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690

  • Size

    327KB

  • Sample

    230111-pb88bsca28

  • MD5

    517bbd12525eb7512758c6b2d8e989e6

  • SHA1

    2be931f4dba7b0eb558ee4dc162a602ef4939212

  • SHA256

    6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690

  • SHA512

    7d1495d38f51fe40582c932bec31b07583ed4f55ba96ef46476080ca002105d0476d7d6a3241a79d2f232d855bce20a2333631b0f6c9ac49009d45edecc0738e

  • SSDEEP

    6144:C/d5XLV4HxrAxdSMW7G64yyNES5byDqCFNsY6:C/rV4HxOdxnyxOC4Y
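The digests above are the report's identity for this sample. Before pivoting on them (blocklists, retro-hunts, comparing a locally held file with the one tria.ge analysed), a practitioner wants to recompute them and check that all four agree, not just MD5. The script below is an added example, not part of the tria.ge report or its tooling: the REPORT dictionary carries the digests copied from the page; the function names, the "partial" verdict logic and the constructed demo bytes are this example's own assumptions. SSDEEP is left out because it is a fuzzy hash that needs the separate ssdeep library rather than hashlib.

```python
"""Recompute a file's digests and compare them with the hashes published in the report.

Added example, not part of the tria.ge report. REPORT holds the digests copied
from the page; everything else here is this example's own construction.
"""
import hashlib
import sys

# Digests copied from the report above. SSDEEP omitted (fuzzy hash, not in hashlib).
REPORT = {
    "md5": "517bbd12525eb7512758c6b2d8e989e6",
    "sha1": "2be931f4dba7b0eb558ee4dc162a602ef4939212",
    "sha256": "6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690",
    "sha512": (
        "7d1495d38f51fe40582c932bec31b07583ed4f55ba96ef46476080ca002105d0"
        "476d7d6a3241a79d2f232d855bce20a2333631b0f6c9ac49009d45edecc0738e"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory blob for every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once so a large sample is read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_to_report(observed: dict, report: dict = REPORT) -> dict:
    """Compare observed digests with the report's and return a verdict.

    "match"    : every algorithm present in both dictionaries agrees.
    "partial"  : some agree and some do not. Because MD5 and SHA-1 are no longer
                 collision resistant, a file that matches only on those while
                 differing on SHA-256/SHA-512 is either a transcription error or
                 a deliberately crafted collision; treat it as a different file.
    "no_match" : nothing agrees.
    """
    matched, mismatched = [], []
    for alg in ALGORITHMS:
        if alg in report and alg in observed:
            same = observed[alg].lower() == report[alg].lower()
            (matched if same else mismatched).append(alg)
    if matched and not mismatched:
        verdict = "match"
    elif matched:
        verdict = "partial"
    else:
        verdict = "no_match"
    return {"verdict": verdict, "matched": matched, "mismatched": mismatched}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python verify_hashes.py <path-to-local-copy-of-sample>
        result = compare_to_report(hash_file(sys.argv[1]))
    else:
        # Constructed demo input (not the sample): shows the no_match path.
        result = compare_to_report(compute_hashes(b"constructed demo bytes, not the sample"))
    print(result)
```

Run it against a local copy of the sample to confirm you are looking at the same file tria.ge analysed; anything other than `"match"` means you are not.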

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's register state, including its instruction pointer. Malware uses it to redirect a suspended thread into injected code (process hollowing and similar injection techniques); debuggers also call it legitimately, so the signature is flagged as suspicious rather than conclusive.
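Three of the signatures above (browser profile reads, wallet access, and the SetThreadContext pattern) come down to matching file paths and API-call sequences in the sandbox trace. The script below is an added example that re-derives them independently; it is not the tria.ge signature engine, whose rules are not published. The event tuple format, the function names, and the sample trace are this example's assumptions (the trace is constructed and is not from the real sample); the browser and wallet paths are the products' well-known default locations. Note how the hollowing check requires the whole CreateProcess(CREATE_SUSPENDED) → WriteProcessMemory → SetThreadContext → ResumeThread chain rather than firing on SetThreadContext alone.

```python
"""Re-derive three behavioural signatures from a sandbox API trace.

Added example, independent of tria.ge's own (unpublished) rules. The trace
format (pid, api_call, argument) and the sample trace are constructed.
"""
import re
from collections import defaultdict

# Constructed trace, NOT taken from the sample. pid 1001 hollows a child (2002),
# which then touches browser credential stores and wallet files.
TRACE = [
    (1001, "CreateProcessW", r"C:\Windows\explorer.exe|CREATE_SUSPENDED"),
    (1001, "NtUnmapViewOfSection", "pid=2002"),
    (1001, "WriteProcessMemory", "pid=2002"),
    (1001, "SetThreadContext", "pid=2002"),
    (1001, "NtResumeThread", "pid=2002"),
    (2002, "NtCreateFile", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2002, "NtCreateFile", r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abc1.default\logins.json"),
    (2002, "NtCreateFile", r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"),
    (2002, "NtCreateFile", r"C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat"),
    (2002, "NtCreateFile", r"C:\Users\Admin\Documents\notes.txt"),  # benign, must not fire
]

# Default credential/cookie stores of Chromium-based browsers and Firefox.
BROWSER_DATA = [
    re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
]

# Default wallet locations of a few desktop wallets (illustrative subset).
WALLETS = [
    re.compile(r"\\Electrum\\wallets\\", re.I),
    re.compile(r"\\Exodus\\exodus\.wallet", re.I),
    re.compile(r"\\Bitcoin\\wallet\.dat$", re.I),
    re.compile(r"\\Ethereum\\keystore\\", re.I),
]

FILE_CALLS = ("NtCreateFile", "NtOpenFile", "CreateFileW", "CreateFileA")

# Ordered chain for process hollowing; each step matches the call name with or
# without the Nt prefix (NtResumeThread / ResumeThread, CreateProcessW / ...).
HOLLOWING_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def file_accesses(trace, patterns):
    """Return (pid, path) for every file-open call whose path matches one of the patterns."""
    return [(pid, arg) for pid, call, arg in trace
            if call in FILE_CALLS and any(p.search(arg) for p in patterns)]


def hollowing_candidates(trace):
    """Return source pids whose calls contain the hollowing chain as an ordered subsequence.

    The first step only counts if the process was created suspended; a plain
    CreateProcess followed by unrelated SetThreadContext use (e.g. a debugger)
    does not fire, which is the whole reason the signature is 'suspicious' only.
    """
    by_pid = defaultdict(list)
    for pid, call, arg in trace:
        by_pid[pid].append((call, arg))
    hits = []
    for pid, calls in by_pid.items():
        step = 0
        for call, arg in calls:
            want = HOLLOWING_SEQUENCE[step]
            if not (call.startswith(want) or call.startswith("Nt" + want)):
                continue
            if step == 0 and "CREATE_SUSPENDED" not in arg:
                continue
            step += 1
            if step == len(HOLLOWING_SEQUENCE):
                hits.append(pid)
                break
    return hits


def evaluate(trace):
    """Map signature names (as worded in the report) to the evidence that triggered them."""
    return {
        "Reads user/profile data of web browsers": file_accesses(trace, BROWSER_DATA),
        "Accesses cryptocurrency files/wallets": file_accesses(trace, WALLETS),
        "Suspicious use of SetThreadContext": hollowing_candidates(trace),
    }


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {evidence or 'not triggered'}")
```

Feeding your own sandbox's API log into `evaluate` (after converting it to the same tuple shape) is a quick way to check whether a tria.ge verdict is reproducible from the raw events, and the "benign" line in the trace shows the path rules do not fire on arbitrary user documents.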

MITRE ATT&CK Enterprise v6

Tasks