General

  • Target

    dc2b29d266ff6b61177109be6c45a9e8.bin

  • Size

    141KB

  • Sample

    230411-b2jtgahg83

  • MD5

    df0314d90735734f670e97ca6fa1cfce

  • SHA1

    62758df0526bbeab2c6d5ca3e8ebfcdc937ef30e

  • SHA256

    05594b7982e9ef176652ab924c6e34f681b4218bc8ded77f1787853cc0795ed7

  • SHA512

    0c4920f492be062f7f59d6e9fc216beb929c9773c0bf41df59fd00c8a8c38ce084254a17537b8d0630aeb609dab1db6ae4be45dd739e245128a538cc1e1b36d6

  • SSDEEP

    3072:JfB8zhF11nZABu7b2NaZfSrzl7VII+9EITdRFP4KubmDeyRlTlQWvEf:x8hF1OuOQarz3Ip9FTPFnW4eyRFlQWK

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Targets

    • Target

      a7d879db0eb780f7c985e88537921f05e942739af8bb1a4903c96890d52f860d.exe

    • Size

      202KB

    • MD5

      dc2b29d266ff6b61177109be6c45a9e8

    • SHA1

      9fa94c33eea1ba317933ec84d338e176843748f9

    • SHA256

      a7d879db0eb780f7c985e88537921f05e942739af8bb1a4903c96890d52f860d

    • SHA512

      17381dacbe21b5517026b348835c477a1399c6cd1bf2d29d9d91bc77cf318f1166e46bda9ea6273607dc33cfe9c765afb4151a271e2c663fa8f6779c4062d3e4

    • SSDEEP

      3072:YRm4owMuuJHNqlzWrJoIRHA96Aplm5OmDR:IjQlZOzspghB

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks