General

  • Target

    a8a27695f1bc25512354f2c6b5e9d037.bin

  • Size

    703KB

  • Sample

    230716-cgrt1sdb7w

  • MD5

    a8a27695f1bc25512354f2c6b5e9d037

  • SHA1

    d39c5146f3560a6d55657eaa384a8794e25c97ad

  • SHA256

    4365ff3c93ee1faa413ab7cf6838884c449053479d3039e995a6cdfe590125e4

  • SHA512

    58e1eb8588514730e5727c684839f35e45390c429e52514d8394d607a332cc8b3be7a733f3dbc856c696d55607d1073289c8dca2d0bc30d1c46de640c262a913

  • SSDEEP

    12288:/fyw2ahjxbe1SORR84Rl7hChlA4aEISAe43v:/6NanbivDChdrnXm

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cletonmy.com/

http://alpatrik.com/

rc4.i32
rc4.i32

Targets

    • Target

      a8a27695f1bc25512354f2c6b5e9d037.bin

    • Size

      703KB

    • MD5

      a8a27695f1bc25512354f2c6b5e9d037

    • SHA1

      d39c5146f3560a6d55657eaa384a8794e25c97ad

    • SHA256

      4365ff3c93ee1faa413ab7cf6838884c449053479d3039e995a6cdfe590125e4

    • SHA512

      58e1eb8588514730e5727c684839f35e45390c429e52514d8394d607a332cc8b3be7a733f3dbc856c696d55607d1073289c8dca2d0bc30d1c46de640c262a913

    • SSDEEP

      12288:/fyw2ahjxbe1SORR84Rl7hChlA4aEISAe43v:/6NanbivDChdrnXm

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Deletes itself

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
