General

  • Target

    e2acc678f689454e8e4ac91bec27e2c38bcb3aed4013f130316f77d0902e5119

  • Size

    180KB

  • Sample

    230321-cqcrfsge33

  • MD5

    b9d23e0d06815a3de94989feddf5960a

  • SHA1

    5dc57a509bb1739f75e4b279c30c08dde1edc8a8

  • SHA256

    e2acc678f689454e8e4ac91bec27e2c38bcb3aed4013f130316f77d0902e5119

  • SHA512

    7bae4c97442e7cd2e6660c6255906c91c2763929d78ffaabdc34f558ddd723c56f88743945d9605e5f3537828c894b09964b2c15ba14c00f391178551b33369d

  • SSDEEP

    3072:r8yGQqLjpoWapbSibPU36mtNmVenPIUOYT+HQPEZ:bGH5apeMPU36mtNmVen9OeH

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks