General

  • Target

    f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e

  • Size

    235KB

  • Sample

    230420-agczraeb76

  • MD5

    f066332ccc81b918c04cdcab3b828c27

  • SHA1

    4082bbb60d30dbcbfa95f921ab8d37f53d94b374

  • SHA256

    f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e

  • SHA512

    9f227a999089c3355a7df103997ccfcab080c59067271e5ae169e694851448c5d187566851cdba0f32282906edb337d9938ebde9e58cb932f3d138af92fff5c0

  • SSDEEP

    3072:Mo4YHU2P1TYkOpeBqwDn3RBCStOvknEZ4F/z5L9dSajk4/owe3:FFHUoHOA3ySYvknEeD9d5g4/ve3

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks