General

  • Target

    c090995b6f5d9aa37dbdfe0aa1cf7d83.exe

  • Size

    188KB

  • Sample

    230212-wcajqafe32

  • MD5

    c090995b6f5d9aa37dbdfe0aa1cf7d83

  • SHA1

    94c430817d92e665844bd4d44a8a7f16bdebbb13

  • SHA256

    47a20ebc7f81cc8b99991644291d40b89c376f8fb820099317f6dca973f74063

  • SHA512

    98e2de32e2daafc86b603d7fba266469e21ed09428a61c2eb15c6ed7890239a4adcecb905b401f168a3f749b0ff520b5277224a2bde2f6655cd0db977b9d93b6

  • SSDEEP

    3072:R7wvP+rGmn56ZVgbwcnVygHXTlRmPAbC7rplto:FGLN4scTX5shl

Targets

    • Target

      c090995b6f5d9aa37dbdfe0aa1cf7d83.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
