General
Target: NEAS.dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4_JC.exe
Size: 363KB
Sample: 231006-tlq7qaec5s
MD5: dccb60fb185d8098f3844b5d5777a045
SHA1: 2b8e3b905310d713a443b844e110dbb71359b09c
SHA256: dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4
SHA512: edb8ee6fda1764a2958e9b932828e579c2408cdd29919331f461a02107d01be48d3e03f51329410630c614d933302b4df380efe38616cdaa7754cd267d566639
SSDEEP: 3072:wwH52YRs4UEbwIeG+p1C3nIsP3ozz6rRZ+pr4/lGW/o2xNbr7ZwVRU/qIUgd1Uvc:tEYC4UmwIeG/I+3Ks/UC7ZwV8Pyo
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
smokeloader
0024
Extracted
smokeloader
2022
https://utah-saints.com/search.php
https://atlanta-newspaper.com/search.php
Targets
Target: NEAS.dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4_JC.exe
Score: 10/10
Downloads MZ/PE file
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles