General

  • Target

    fb267d71e2059ba52e1d02690956664d8ecc4c7e28875293946558232a3a83a7

  • Size

    350KB

  • Sample

    230415-kds7nsde48

  • MD5

    d1f80a8cabf4f103b368c5923b5d76e9

  • SHA1

    fab20649800aecb4183476e7ffdb4a948980602d

  • SHA256

    fb267d71e2059ba52e1d02690956664d8ecc4c7e28875293946558232a3a83a7

  • SHA512

    f1e8480606c66ee2a5539063884363dd2358ac0db210589a8e1eaaa43969def9659dd387fd5b7edac12249d538a64a49a1b58b798e1953805e7125b8cd5b50ed

  • SSDEEP

    3072:Bva5CA33zCS1gw2QpXDgScePBcw4adyWdDSXbuKLhZNhBUSmdoZgAHBrRGqT/s3m:E5FCYj2EjceTTBapXhZLHBrRmTi

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      fb267d71e2059ba52e1d02690956664d8ecc4c7e28875293946558232a3a83a7

    • Size

      350KB

    • MD5

      d1f80a8cabf4f103b368c5923b5d76e9

    • SHA1

      fab20649800aecb4183476e7ffdb4a948980602d

    • SHA256

      fb267d71e2059ba52e1d02690956664d8ecc4c7e28875293946558232a3a83a7

    • SHA512

      f1e8480606c66ee2a5539063884363dd2358ac0db210589a8e1eaaa43969def9659dd387fd5b7edac12249d538a64a49a1b58b798e1953805e7125b8cd5b50ed

    • SSDEEP

      3072:Bva5CA33zCS1gw2QpXDgScePBcw4adyWdDSXbuKLhZNhBUSmdoZgAHBrRGqT/s3m:E5FCYj2EjceTTBapXhZLHBrRmTi

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
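The three behaviour signatures above and the C2 URLs from the extracted config can be re-expressed as checks over an API-call trace. The Python below is an added example written for this page; it is not Triage's signature code, and the event layout (one dict per call with pid, api and a few arguments) and the trace itself are constructed for illustration, not captured from this sample. The SetThreadContext check only fires for the full process-hollowing chain (suspended child, memory written into it, context set by the creator), so a process calling SetThreadContext on itself is deliberately not flagged.

```python
"""Re-implementation of the report's behaviour signatures over a constructed trace.

Added example, not part of the Triage report. The event format and the trace
below are assumptions made for this illustration.
"""
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # documented CreateProcess dwCreationFlags bit

# Assumed location of the submitted sample inside the sandbox (not from the report).
SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"

# C2 URLs copied from the extracted SmokeLoader config on this page.
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]

# Constructed trace: pid 1000 is the sample, 2000 its dropped payload,
# 3000 a hollowed explorer.exe, 4000 the self-delete helper, 5000 an unrelated process.
TRACE = [
    {"pid": 1000, "api": "NtWriteFile", "path": r"C:\Users\user\AppData\Roaming\fgjhd.exe"},
    {"pid": 1000, "api": "CreateProcessW", "cmdline": r"C:\Users\user\AppData\Roaming\fgjhd.exe",
     "flags": 0, "new_pid": 2000},
    {"pid": 2000, "api": "CreateProcessW", "cmdline": r"C:\Windows\explorer.exe",
     "flags": CREATE_SUSPENDED, "new_pid": 3000},
    {"pid": 2000, "api": "NtUnmapViewOfSection", "target_pid": 3000},
    {"pid": 2000, "api": "WriteProcessMemory", "target_pid": 3000},
    {"pid": 2000, "api": "SetThreadContext", "target_pid": 3000},
    {"pid": 2000, "api": "ResumeThread", "target_pid": 3000},
    {"pid": 3000, "api": "InternetConnectA", "host": "host-file-host6.com"},
    {"pid": 3000, "api": "InternetConnectA", "host": "host-host-file8.com"},
    {"pid": 1000, "api": "CreateProcessW",
     "cmdline": f'cmd.exe /c ping 127.0.0.1 & del "{SAMPLE_PATH}"', "flags": 0, "new_pid": 4000},
    # Benign-looking self-call: no suspended child, no remote write; must not be flagged.
    {"pid": 5000, "api": "SetThreadContext", "target_pid": 5000},
]


def executes_dropped_exe(trace):
    """'Executes dropped EXE': a file written during the run later appears as a process image."""
    written = {e["path"].lower() for e in trace if e["api"] == "NtWriteFile"}
    hits = []
    for e in trace:
        if e["api"] == "CreateProcessW":
            cmd = e["cmdline"].lower()
            if any(w in cmd for w in written):
                hits.append(e["cmdline"])
    return hits


def deletes_itself(trace, sample_path):
    """'Deletes itself': the sample's own image is removed, directly or via a cmd.exe child."""
    needle = sample_path.lower()
    for e in trace:
        if e["api"] == "DeleteFileW" and e.get("path", "").lower() == needle:
            return True
        if e["api"] == "CreateProcessW":
            cmd = e["cmdline"].lower()
            if "cmd.exe" in cmd and " del " in cmd and needle in cmd:
                return True
    return False


def suspicious_set_thread_context(trace):
    """'Suspicious use of SetThreadContext': suspended child + remote write + context set by creator.

    Returns a list of (injector_pid, hollowed_pid) pairs.
    """
    suspended = {}   # hollowed pid -> creator pid
    written = set()  # pids that received WriteProcessMemory from their creator
    hits = []
    for e in trace:
        api = e["api"]
        if api == "CreateProcessW" and e.get("flags", 0) & CREATE_SUSPENDED:
            suspended[e["new_pid"]] = e["pid"]
        elif api == "WriteProcessMemory" and suspended.get(e["target_pid"]) == e["pid"]:
            written.add(e["target_pid"])
        elif api == "SetThreadContext":
            target = e["target_pid"]
            if target != e["pid"] and suspended.get(target) == e["pid"] and target in written:
                hits.append((e["pid"], target))
    return hits


def c2_contacts(trace, c2_urls):
    """Hosts from the extracted config that the trace actually connected to."""
    hosts = {urlparse(u).hostname for u in c2_urls}
    return sorted({e["host"] for e in trace if e["api"] == "InternetConnectA" and e["host"] in hosts})


def run_signatures(trace, sample_path=SAMPLE_PATH, c2_urls=C2_URLS):
    """Evaluate all checks; the keys mirror the signature names on the report page."""
    return {
        "Executes dropped EXE": executes_dropped_exe(trace),
        "Deletes itself": deletes_itself(trace, sample_path),
        "Suspicious use of SetThreadContext": suspicious_set_thread_context(trace),
        "C2 contacted": c2_contacts(trace, c2_urls),
    }


if __name__ == "__main__":
    for name, result in run_signatures(TRACE).items():
        print(f"{name}: {result}")
```

The order of checks in `suspicious_set_thread_context` matters: the WriteProcessMemory must come from the same pid that created the suspended child, otherwise a legitimate debugger attaching to an unrelated process would trip the rule.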

MITRE ATT&CK Enterprise v6

Tasks