General

  • Target: f28dfd38523e34dea9a8e16ed4354fe8d52610ba40e1e9ba366a62197c5aba83
  • Size: 261KB
  • Sample: 230113-avk8aafg2s
  • MD5: a8bc65f75a40b2c1b2626fd09942fdb1
  • SHA1: 465fa2356918d95fa5f3132aebc3b0e5dbd8315f
  • SHA256: f28dfd38523e34dea9a8e16ed4354fe8d52610ba40e1e9ba366a62197c5aba83
  • SHA512: d05c39346d1d30741d0d92ddbf68151a45f2d3712b1945475e78d80e63fd292328ec5a6a6a05d09d3955a125e036030105259acdaec3dde6f1c33292b0705508
  • SSDEEP: 3072:lXWwvOItT55jJH4FUC98dYQ8H81Ik9CEwI2BPongMe5LRFYUEA7:hLLtTvJwUCWYhc1Hf26IwUR

Malware Config

Targets

    • Detects Smokeloader packer
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext