General

  • Target

    60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639

  • Size

    250KB

  • Sample

    230331-e9eq9shh8x

  • MD5

    933dc3211d2dd2a883c823ee0ee66b0c

  • SHA1

    35b71cbb5f192b9affa65e99417732e523956bce

  • SHA256

    60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639

  • SHA512

    716525fea8437cf9b35107139a791b39486eea8143cfd20420ef823da55261afe096c54b819940d11f0bcb51d1e233d64c1bdc1c7d5ea80c15c5f8f5de1ed791

  • SSDEEP

    3072:bReS2RFEzt8XRqvRRWRO9Z1VAD4dv79ttFY5UVPIwOySHpxw1E0a+v:p2RuyRqh3ZLFYu1IwuMWw

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: lab

  • Extracted

    Family: smokeloader
    Version: 2020
    C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
    rc4.i32
    rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks