General

  • Target

    1d7437d860a392e93ea83ebe6b11a9a127d95c70699c576900a828ab869676be

  • Size

    179KB

  • Sample

    230305-ja8mhsga38

  • MD5

    8e34b1f2f8dde77647df4a288d2d0892

  • SHA1

    3a999eee6560c3e734b6e15b955830b3a3d1ed39

  • SHA256

    1d7437d860a392e93ea83ebe6b11a9a127d95c70699c576900a828ab869676be

  • SHA512

    b960d0b497d8942b1ed7c52709b5fd1b173875a4ffc375399c8c01e3d0180e766a5f276980560ac340d89b03e4547880401cba4271fbb7ea01aaa0bdbeb2e099

  • SSDEEP

    3072:oF8J9qXc9beLdp2CE1XbqZt7LdeibCTK94phdwnRztlXB9R:f4XMbeLlEhbELLb264phdwnR5lX

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      1d7437d860a392e93ea83ebe6b11a9a127d95c70699c576900a828ab869676be

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext (rewriting a thread's context is the hallmark of process hollowing: the loader starts a process suspended, writes its payload into it and redirects the primary thread before resuming it)
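
The two behavioural signatures above (a dropped EXE is executed, then SetThreadContext is called on it) are the footprint of process hollowing. The following is an added example, not part of the tria.ge report or its signature set: it scans a per-process API trace for the hollowing chain CreateProcess with CREATE_SUSPENDED, then WriteProcessMemory, then SetThreadContext, then a resume call on the same child, and reports one finding per hollowed child. The trace format (`<pid> <api> key=value ...`) and the sample lines are constructed for this example; a real sandbox or EDR export will need its own parser, but the ordering check is the same.

```python
"""Detect a process-hollowing API sequence in a per-process API trace.

Added example (not tria.ge code).  The trace format and the sample
lines are constructed; field names (pid, child_pid, flags, path, tid)
are assumptions for this example only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace: parent 1234 hollows a dropped svchost.exe copy;
# parent 9999 writes into a child that was never suspended (benign here).
SAMPLE_TRACE = """\
1234 CreateProcessW path=C:\\Users\\Public\\svchost.exe flags=0x4 child_pid=4321
1234 NtUnmapViewOfSection pid=4321
1234 VirtualAllocEx pid=4321 addr=0x400000 size=0x2c000 prot=0x40
1234 WriteProcessMemory pid=4321 addr=0x400000 size=0x2c000
1234 SetThreadContext pid=4321 tid=5555
1234 NtResumeThread pid=4321 tid=5555
9999 CreateProcessW path=C:\\Windows\\notepad.exe flags=0x0 child_pid=7777
9999 WriteProcessMemory pid=7777 addr=0x10000 size=0x100
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")

# Native and Wow64 spellings that a loader may use for the same step.
SET_CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


@dataclass
class Candidate:
    """A child created suspended by `parent`; `stage` tracks progress:
    0 = created suspended, 1 = memory written, 2 = thread context replaced."""
    parent: int
    child: int
    image: str
    stage: int = 0
    apis: list[str] = field(default_factory=list)


def _to_int(s: str) -> int:
    return int(s, 0)  # accepts decimal and 0x-prefixed values


def parse_line(line: str):
    """Return (pid, api, args) for one trace line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = dict(kv.split("=", 1) for kv in m.group("args").split() if "=" in kv)
    return int(m.group("pid")), m.group("api"), args


def find_hollowing(trace: str) -> list[dict]:
    """Return one finding per child that was created suspended, written to,
    had its thread context replaced, and was then resumed, in that order."""
    candidates: dict[int, Candidate] = {}
    findings: list[dict] = []
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        if api.startswith("CreateProcess") and "child_pid" in args:
            # Only a suspended child can have its entry point swapped before
            # it runs, so non-suspended children are not tracked.
            if _to_int(args.get("flags", "0")) & CREATE_SUSPENDED:
                child = _to_int(args["child_pid"])
                candidates[child] = Candidate(pid, child, args.get("path", ""))
            continue
        if "pid" not in args:
            continue
        cand = candidates.get(_to_int(args["pid"]))
        if cand is None or cand.parent != pid:
            continue  # call from a different process, or untracked child
        cand.apis.append(api)
        if api == "WriteProcessMemory" and cand.stage == 0:
            cand.stage = 1
        elif api in SET_CONTEXT_APIS and cand.stage == 1:
            cand.stage = 2
        elif api in RESUME_APIS and cand.stage == 2:
            findings.append({
                "parent_pid": cand.parent,
                "child_pid": cand.child,
                "image": cand.image,
                "apis": list(cand.apis),
            })
            del candidates[cand.child]
    return findings


if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"hollowing: pid {f['parent_pid']} -> {f['child_pid']} ({f['image']})")
        print("  sequence:", " -> ".join(f["apis"]))
```

The stage counter enforces order, which is what separates hollowing from legitimate debuggers and installers that also call WriteProcessMemory: a write that lands after the context swap, or a SetThreadContext on a child that was never suspended, does not advance the chain. NtUnmapViewOfSection and VirtualAllocEx are recorded but not required, because some loaders overwrite the mapped image in place instead of unmapping it.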