General

  • Target: dceed116505dc28ed3395b0fc8aa1b3ac5425f80760d49a36815471d77aeb111.exe
  • Size: 153KB
  • Sample: 250113-lvksasxnav
  • MD5: 777925213ecd8fbe866839cd6e0ba0fe
  • SHA1: 73b2a357cee11e9834f15cf77078592c9438c016
  • SHA256: dceed116505dc28ed3395b0fc8aa1b3ac5425f80760d49a36815471d77aeb111
  • SHA512: f63365f305043d24ac26a0759c5346c5a70bd0f8c6a4b45b6a064f57493c8070e23318732f9729a18d727eac803bf7edb6bfc2df6a7f027fc78e7470babe830e
  • SSDEEP: 3072:ETYpZuF8Ztvu/pQuQweBRce7ePeQH9WW/:ETDwRuhdCkPeQHv/

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: new2

Targets

    • Target: dceed116505dc28ed3395b0fc8aa1b3ac5425f80760d49a36815471d77aeb111.exe
    • Size: 153KB

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Smokeloader family

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks