General

  • Target: 9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
  • Size: 305KB
  • Sample: 230502-eh4lbahf35
  • MD5: 1ba1e8e3e12a5bb2cdabfe63b5c538a0
  • SHA1: 2c060a2fc85a4f8ebe91279a7c122f6b34e4d080
  • SHA256: 9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
  • SHA512: a2d2a07ab8d627f3a356dcfeee41157a0d925f54f2b60c8053e14b1a607357a57079b97763ca13cd343226a15b9fbb87631571c54491d75ae998f28ef5aaa4ae
  • SSDEEP: 3072://DksHOYgdiKs/0gUhGmLDyHuO1i/IC6Dpz9TMK5ngTZ75jJh/SoSfECMceK85:XDksHQdiKbhGm/415C8MK5olz3c6

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: pu10

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:
    http://host-file-host6.com/
    http://host-host-file8.com/
  • rc4.i32
  • rc4.i32

Targets

    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks