
General

  • Target

    b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3

  • Size

    292KB

  • Sample

    230506-hdps5sgc76

  • MD5

    c366679cf1cea1580a40f1930a279f63

  • SHA1

    073543dd73c91342c8989eee466eafe57fbde224

  • SHA256

    b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3

  • SHA512

    c4475dc744c46d3c30036853f6a5d1a71dbf7f959aa702df5a1768b6faf9ddfa63d0995d084338e44490787bd27e7df79e2a8f84857e89b04565ed447bb53a84

  • SSDEEP

    3072:FngqDVtYJYO6Jh4/FmRr7G3QfHR8hvFeNsezyBefIO5JVyLoCV5eHCPK:3AJY6/QVyOyysO5J+oCwCPK

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32
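The two `rc4.i32` entries above are the 32-bit RC4 keys that Triage's SmokeLoader extractor uses to recover the C2 strings; the report does not show their values. The following is an added worked example, not code from tria.ge or from the SmokeLoader extractor, showing the mechanics: a plain RC4 routine, the key packed from its 32-bit form, and a record walker that turns an encrypted blob back into the C2 list. The key value, the little-endian packing of the integer and the `[u8 length][ciphertext]` record layout are assumptions made for the demo, not a description of this sample's binary format; the two URLs are the ones from the extracted config.

```python
import struct

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream XOR). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_from_i32(key_i32: int) -> bytes:
    # Assumption for this example: the 32-bit "rc4.i32" value is used as its four
    # little-endian bytes. The report does not expose the sample's real key values.
    return struct.pack("<I", key_i32)

def decrypt_c2_list(key_i32: int, blob: bytes) -> list:
    """Walk a blob of [u8 length][RC4 ciphertext] records and return the decrypted URLs.
    This record layout is constructed for the demo, not taken from the sample."""
    key = key_from_i32(key_i32)
    urls, pos = [], 0
    while pos < len(blob):
        n = blob[pos]
        pos += 1
        chunk = blob[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated record at offset %d" % pos)
        urls.append(rc4_crypt(key, chunk).decode("ascii"))
        pos += n
    return urls

def build_c2_blob(key_i32: int, urls) -> bytes:
    """Inverse of decrypt_c2_list, so the example can run offline on constructed input."""
    key = key_from_i32(key_i32)
    blob = bytearray()
    for u in urls:
        enc = rc4_crypt(key, u.encode("ascii"))
        if len(enc) > 255:
            raise ValueError("URL too long for a one-byte length prefix")
        blob.append(len(enc))
        blob += enc
    return bytes(blob)

# Constructed demo key (hypothetical) and the two C2 URLs from the extracted config.
DEMO_KEY_I32 = 0x1D3E5F70
REPORT_C2 = ["http://host-file-host6.com/", "http://host-host-file8.com/"]

if __name__ == "__main__":
    blob = build_c2_blob(DEMO_KEY_I32, REPORT_C2)
    print("encrypted blob:", blob.hex())
    for url in decrypt_c2_list(DEMO_KEY_I32, blob):
        print("recovered C2:", url)
```

A real extractor does the same walk after locating the encrypted strings and the key in the unpacked payload; the part shown here is only the decryption and record parsing. Because RC4 is a stream cipher, a wrong key yields garbage rather than an error, so the length check and the `ascii` decode act as a sanity check on the key.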

Targets

    • Target

      b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3

    • Size

      292KB

    • MD5

      c366679cf1cea1580a40f1930a279f63

    • SHA1

      073543dd73c91342c8989eee466eafe57fbde224

    • SHA256

      b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3

    • SHA512

      c4475dc744c46d3c30036853f6a5d1a71dbf7f959aa702df5a1768b6faf9ddfa63d0995d084338e44490787bd27e7df79e2a8f84857e89b04565ed447bb53a84

    • SSDEEP

      3072:FngqDVtYJYO6Jh4/FmRr7G3QfHR8hvFeNsezyBefIO5JVyLoCV5eHCPK:3AJY6/QVyOyysO5J+oCwCPK

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself (the sample removes its own executable from disk)

    • Suspicious use of SetThreadContext (rewriting another thread's register state, as done when injecting code into a suspended process)
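To use this report for hunting, the indicators to carry away are the file hashes in the General section and the two C2 hosts in the extracted config. The following is an added example (not tria.ge code) that checks a local file against every digest the report lists and scans proxy log lines for contacts to the C2 hosts. The log lines and the log format (`<timestamp> <src-ip> <method> <url> <status>`) are constructed for the demo; hosts are matched exactly or as subdomains of a C2 host, so a look-alike that merely starts with the C2 name is not reported as a hit.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "c366679cf1cea1580a40f1930a279f63",
    "sha1": "073543dd73c91342c8989eee466eafe57fbde224",
    "sha256": "b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3",
    "sha512": "c4475dc744c46d3c30036853f6a5d1a71dbf7f959aa702df5a1768b6faf9ddfa63d0995d084338e44490787bd27e7df79e2a8f84857e89b04565ed447bb53a84",
}
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

def file_hashes(data: bytes) -> dict:
    """Digest the bytes with each algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}

def matches_report(data: bytes) -> dict:
    """Per-algorithm True/False: does this content match the report's sample?"""
    digests = file_hashes(data)
    return {algo: digests[algo] == expected for algo, expected in REPORT_HASHES.items()}

def is_c2_host(host: str) -> bool:
    """True for a C2 host or a subdomain of one; a look-alike that only
    contains the C2 name as a prefix (e.g. c2name.com.other.test) is not a hit."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)

def c2_hits(log_text: str) -> list:
    """Scan constructed proxy lines '<ts> <src-ip> <method> <url> <status>'
    and return (line_no, host) for each contact to a C2 host."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        host = urlsplit(fields[3]).hostname  # parsed, lower-cased by urlsplit
        if host and is_c2_host(host):
            hits.append((line_no, host))
    return hits

# Constructed proxy log for the demo; lines 1 and 3 are real hits, line 4 is a look-alike.
SAMPLE_PROXY_LOG = """\
2023-05-06T08:31:02Z 10.0.0.15 GET http://host-file-host6.com/ 200
2023-05-06T08:31:05Z 10.0.0.15 GET https://update.example.net/index.php 200
2023-05-06T08:32:11Z 10.0.0.22 POST http://HOST-HOST-FILE8.com/gate.php 404
2023-05-06T08:33:40Z 10.0.0.31 GET http://host-file-host6.com.lookalike.test/ 200
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(matches_report(f.read()))
    for line_no, host in c2_hits(SAMPLE_PROXY_LOG):
        print("line %d: C2 contact to %s" % (line_no, host))
```

Run it with a file path to compare that file against the report's digests; all four must agree for the same bytes, so a match on MD5 alone with a mismatch on SHA256 means the file is not this sample. The URL is parsed rather than substring-searched so that upper-case hosts still match and unrelated domains that happen to contain the C2 name do not.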

MITRE ATT&CK Enterprise v6

Tasks