General

  • Target: 793a58e683a54d24d3c6bae96df29d65 (1).zip
  • Size: 1KB
  • Sample: 240827-fenw5atbrb
  • MD5: a30c7c71eb82f21873e4d56dc46123b9
  • SHA1: edc5c9e9a5a98a98df8b71e5cbbb52e79a1ffc4c
  • SHA256: 0ce08840503e94874639083ad57f08c0ce114804f2214b45a862da2a454630e5
  • SHA512: e5478286abded0336124c5ec22be9f0f7161a6316105e10840834abcb7c38e8418f99f94f30e3caf6116614731e98be9045edc914e053f52e6f2f07b1aa207c2

Malware Config

Targets

    • Target: 793a58e683a54d24d3c6bae96df29d65
    • Size: 8KB
    • MD5: e0b75bc23482fdc078b4dd694c49c4bb
    • SHA1: c9503d1020a26d6ccbf0da9bf2f86d5ba034d347
    • SHA256: dd51d6eeee76165192540548e2ac8fef08870afae3cc73c50b3687f8f8242f5f
    • SHA512: 0da5ed0187fb01027471cb0b07aaaac75e4c3964e64c50e09d398dc8a74e0ba75b8cef3f30949c082319f8546f455d0232ed05a99d4213ff4928502c37adb918
    • SSDEEP: 96:tS9qSotSBnHZ9R2va5keK3MbIxaopFztWDnOLnA/:twot8nHTUgahWD6M

    • Family: SmokeLoader (modular backdoor trojan in use since 2014)

    • Signatures:
      • Executes dropped EXE
      • Legitimate hosting services abused for malware hosting/C2
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks