General

  • Target

    7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe

  • Size

    285KB

  • Sample

    230207-lkb3eaah29

  • MD5

    7c2b7f94b57d15b6f5f4ed31a96cc0ec

  • SHA1

    51ec2b8292ae25dc53c1bb96722228c612651e05

  • SHA256

    94dcd9eb97aa7ef0957f20728ef38d1b95c9fc6f16c1467c752e019046ea882b

  • SHA512

    9dd76b03f6866ca792b6a906f69339ce9bf22ce61e21318f72c745e32619fc8d47a664f3ab68b5a0aba98574650d7189e7d74c656ef46d7f3f72ebe480041cec

  • SSDEEP

    6144:SOe7vYYo2U4YRNNbKL4pTYdkhVoi4Fc+dVkR52:SNvYYowYtiisdkEDFc+7kr2

Targets

    • Target

      7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
