General

  • Target: 97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
  • Size: 242KB
  • Sample: 230502-fznrvsbf2x
  • MD5: de4051285d12096532fdcfaa75745df4
  • SHA1: ae0403ed3814c5d6b7f63367a48182a88be0afdb
  • SHA256: 97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
  • SHA512: 26bf8de78778a151c834c233e519485c7dceb412f4ed6a88b44117cfe17d96258879b6d07e5f165e8f879209a5b6a337764a6770c5096d3ab5dc9d69de389261
  • SSDEEP: 3072:P5oq4YGfpBrPDU8UEbHE71aDs/tCZLGb3+kvA9PmtT0/QqVK74:PHwz7SELEpNVsGyFtmiQS

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: pu10

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
  • rc4.i32
  • rc4.i32

Targets

    • Target: 97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf


    • SmokeLoader: Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks