Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

99c0cf1dd3...45.exe

windows7-x64

10

99c0cf1dd3...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01097d203000288cc8ef629b9b830dd2.bin

  • Size

    27KB

  • Sample

    230721-bcpy7aca6t

  • MD5

    8ee8fb736dd67a2126750e0748cb9bcd

  • SHA1

    d1573968c4ad79df8c924e06ed899900b7507d4e

  • SHA256

    1d42ffac5cac86552d8fdc91640a0fd3283caaab57a1e614d5c289304b38fffa

  • SHA512

    6312397947d90a9a68e99eb05fd8a0ec6ae1bb9e60730b7c2faf2421bd54e7a78589a6b12300e8e6ee1891303ee442cad304445e0aa6c29c16a46b06dddeb552

  • SSDEEP

    768:rikDuLULJCwHxvbd/GF9KsixdKUx8LNAr8p:r9CLUAwHtbd/mGdbt8p

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Target

      99c0cf1dd3e620333c751d7b28d85d76c239c7fafcdaa71aeda4dc9b76c77145.exe

    • Size

      30KB

    • MD5

      01097d203000288cc8ef629b9b830dd2

    • SHA1

      c6eec303a933ce067f5d8ac49c6efb21f61142e6

    • SHA256

      99c0cf1dd3e620333c751d7b28d85d76c239c7fafcdaa71aeda4dc9b76c77145

    • SHA512

      8fc00b2bd23606edeee5fd48b51f62245e491698c88461889c2fd79b60ab3e9bdb540beb4c34716d88d83806868619f5af6455742fe585959dbf26541e808afb

    • SSDEEP

      384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks