General
- Target: ccbbc3c01b55bfa69e7d4f00831afa15.exe
- Size: 2.5MB
- Sample: 231209-cmagxsfff6
- MD5: ccbbc3c01b55bfa69e7d4f00831afa15
- SHA1: ddaa8e54a83b875ea75ea92821dbac12f349f20b
- SHA256: eca2c3d8f96bac8b7b66f7564ae769494ca0bc050df8987a3d5a9ca2528d2103
- SHA512: d93d0ae09f5583da71f686b8e969a1e6727ad14f525109bc7b84d4adc4906df94e943a4082e1c58619a654c8308478f297fd8cfac0112b08ab30daec610991fa
- SSDEEP: 49152:eSJ8+UFOkoXyT+ZOIol1gjhJmqx6iPjusnFVnt0nR6BCNyaXEGGCSgRVffB99Hk:HJdQOkoXboRl1gmpiPj5nd0nRKCN1XVQ
Static task
- static1
Behavioral task
- behavioral1: Sample ccbbc3c01b55bfa69e7d4f00831afa15.exe, Resource win7-20231130-en
Behavioral task
- behavioral2: Sample ccbbc3c01b55bfa69e7d4f00831afa15.exe, Resource win10v2004-20231127-en
Malware Config
Extracted
- risepro: 193.233.132.51
Extracted
- smokeloader: 2022; http://81.19.131.34/fks/index.php
Targets
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)