
General

  • Target

    4f45c248f85309015b06c13c239f67c795fdadaaccf7869a4a088d6912c85c83

  • Size

    359KB

  • Sample

    230322-tqa2ashh67

  • MD5

    1317d94f8128c203c467c24e78c9cae0

  • SHA1

    ccf709990df418998579eb3a50092416e0f1b80c

  • SHA256

    4f45c248f85309015b06c13c239f67c795fdadaaccf7869a4a088d6912c85c83

  • SHA512

    94b86441a937e4ed0646f4bc0a8e5bc22719676fb853c76e0d8fea9acf59a1bbefd95b9bcec05b30a4e592c75d276b8c7a47a24da18990e276ae076decfc54db

  • SSDEEP

    3072:OgrEaPOFiOAJtLnDYybyW7tfh+fukwIUOhFjIOwjwIuJJ:EW2yeGhifCn

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    lab

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      4f45c248f85309015b06c13c239f67c795fdadaaccf7869a4a088d6912c85c83

    • Size

      359KB

    • MD5

      1317d94f8128c203c467c24e78c9cae0

    • SHA1

      ccf709990df418998579eb3a50092416e0f1b80c

    • SHA256

      4f45c248f85309015b06c13c239f67c795fdadaaccf7869a4a088d6912c85c83

    • SHA512

      94b86441a937e4ed0646f4bc0a8e5bc22719676fb853c76e0d8fea9acf59a1bbefd95b9bcec05b30a4e592c75d276b8c7a47a24da18990e276ae076decfc54db

    • SSDEEP

      3072:OgrEaPOFiOAJtLnDYybyW7tfh+fukwIUOhFjIOwjwIuJJ:EW2yeGhifCn

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks