
General

  • Target

    4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0

  • Size

    245KB

  • Sample

    230903-1vmdfscf55

  • MD5

    3f8f5fca4372c7d1889b1294f78e2394

  • SHA1

    21be72a7010b456c64444d247ef43c0f0616db72

  • SHA256

    4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0

  • SHA512

    99f8adcc9cd5cb3588e3b1457bc6cecef9764a9bbd4d27e53436f0b774e31df45227b11ffb3c38a7040d804e407cc3bbe6231b0acae4e8b2089001079feae3d2

  • SSDEEP

    3072:g6tgzPSutyNF/OjsOYDexBHWsKNZi8zz4nwTOan87d:0RyesOlBHZOZi8zzawTBn8J

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32
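The extracted configuration above is what an analyst actually consumes from this report: two SmokeLoader config blocks (one with the botnet tag, one with the version and C2 list) plus the file hashes. The following Python is an added example, not tria.ge code or output: it parses the report's flattened label/value text (copied inline from the section above) into structured configs, turns the C2 URLs into deduplicated network indicators, emits one Suricata `dns.query` rule per C2 domain, and checks a local file's hashes against the values the report prints. The `sid` range, the trojan-activity classtype and the placeholder bytes fed to the hash check are assumptions; the `rc4.i32` labels are kept as empty fields because the page prints no key values for them.

```python
import hashlib
from urllib.parse import urlparse

# Constructed copy of the page's "Malware Config" section in the flattened
# label/value layout the report uses (label line, blank line, value line(s)).
REPORT_CONFIG_TEXT = """\
Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32
"""

# Hashes exactly as printed in the report's "General" section.
REPORTED_HASHES = {
    "md5": "3f8f5fca4372c7d1889b1294f78e2394",
    "sha1": "21be72a7010b456c64444d247ef43c0f0616db72",
    "sha256": "4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0",
    "sha512": "99f8adcc9cd5cb3588e3b1457bc6cecef9764a9bbd4d27e53436f0b774e31df4"
              "5227b11ffb3c38a7040d804e407cc3bbe6231b0acae4e8b2089001079feae3d2",
}

# Labels the report prints; any other non-blank line is a value of the
# label that precedes it.
KNOWN_KEYS = {"Family", "Botnet", "Version", "C2", "rc4.i32"}


def parse_extracted_configs(text):
    """Split the flattened text into one dict per 'Extracted' block.

    Every key maps to a list, so a multi-valued field (two C2 URLs) and an
    empty field (the rc4.i32 labels, whose values the page does not print)
    are both represented without guessing anything.
    """
    configs, current, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Extracted":
            current, key = {}, None
            configs.append(current)
        elif line in KNOWN_KEYS and current is not None:
            key = line
            current.setdefault(key, [])
        elif current is not None and key is not None:
            current[key].append(line)
    return configs


def network_iocs(configs):
    """Deduplicated C2 hostnames and URLs across all extracted configs."""
    hosts, urls = set(), set()
    for cfg in configs:
        for url in cfg.get("C2", []):
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
                urls.add(url)
    return {"domains": sorted(hosts), "urls": sorted(urls)}


def suricata_dns_rules(domains, sid_base=9000001):
    """One Suricata dns.query rule per C2 domain (sid_base is an assumed local range)."""
    return [
        'alert dns $HOME_NET any -> any any (msg:"SmokeLoader C2 DNS lookup %s"; '
        'dns.query; content:"%s"; nocase; classtype:trojan-activity; '
        'sid:%d; rev:1;)' % (domain, domain, sid_base + i)
        for i, domain in enumerate(domains)
    ]


def verify_sample_hashes(data, reported=REPORTED_HASHES):
    """Compare each hashlib digest of `data` with the report's value.

    All entries must be True for the file you hold to be the analyzed sample;
    SSDEEP is not in hashlib and is deliberately left out.
    """
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in reported.items()}


if __name__ == "__main__":
    cfgs = parse_extracted_configs(REPORT_CONFIG_TEXT)
    iocs = network_iocs(cfgs)
    print(cfgs)
    print(iocs)
    print("\n".join(suricata_dns_rules(iocs["domains"])))
    # Constructed stand-in bytes: the real sample is not embedded here.
    print(verify_sample_hashes(b"placeholder, not the sample"))
```

Replace the placeholder bytes with the contents of the file you downloaded from the sandbox before trusting any conclusion from this report; a mismatch on any one algorithm means you are looking at a different file.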

Targets

    • Target

      4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0

    • Size

      245KB

    • MD5

      3f8f5fca4372c7d1889b1294f78e2394

    • SHA1

      21be72a7010b456c64444d247ef43c0f0616db72

    • SHA256

      4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0

    • SHA512

      99f8adcc9cd5cb3588e3b1457bc6cecef9764a9bbd4d27e53436f0b774e31df45227b11ffb3c38a7040d804e407cc3bbe6231b0acae4e8b2089001079feae3d2

    • SSDEEP

      3072:g6tgzPSutyNF/OjsOYDexBHWsKNZi8zz4nwTOan87d:0RyesOlBHZOZi8zzawTBn8J

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
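"Executes dropped EXE" together with "Suspicious use of SetThreadContext" is the combination a reviewer looks for when a loader hollows a freshly started process: the child is created suspended, its memory is overwritten, its main thread's context is pointed at the injected code, and the thread is resumed. The Python below is an added example, not tria.ge's signature logic, showing how that sequence can be detected over an API trace. The trace lines, their key=value format and the pids are constructed for the example; the second caller (pid 4321) calls SetThreadContext without the suspended-create and write, as a debugger would, and shows the false positive the detector avoids.

```python
CREATE_SUSPENDED = 0x00000004  # Win32 dwCreationFlags bit

# Constructed API trace (not sandbox output): one event per line as key=value
# tokens. pid is the calling process; target is the pid the call acts on.
CONSTRUCTED_TRACE = """\
ts=1 pid=1234 api=CreateProcessW image=C:\\Windows\\System32\\svchost.exe dwCreationFlags=0x4 childpid=2048
ts=2 pid=1234 api=NtUnmapViewOfSection target=2048
ts=3 pid=1234 api=VirtualAllocEx target=2048 protect=0x40
ts=4 pid=1234 api=WriteProcessMemory target=2048 size=0x3c000
ts=5 pid=1234 api=SetThreadContext target=2048
ts=6 pid=1234 api=ResumeThread target=2048
ts=7 pid=4321 api=SetThreadContext target=4444
ts=8 pid=4321 api=ResumeThread target=4444
"""

# Steps that must follow a suspended CreateProcess*, in this order, from the
# same parent against the same child.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Yield one dict per non-empty line of key=value tokens."""
    for line in text.splitlines():
        if line.strip():
            yield dict(tok.split("=", 1) for tok in line.split())


def detect_process_hollowing(text):
    """Return one finding per child that was created suspended, written to,
    had its thread context replaced and was then resumed by its creator.

    SetThreadContext/ResumeThread against a pid we never saw created
    suspended by the same caller is ignored, so pid 4321 in the constructed
    trace produces nothing.
    """
    suspended = {}   # child pid -> parent pid
    progress = {}    # child pid -> HOLLOWING_STEPS observed so far
    findings = []
    for ev in parse_trace(text):
        api = ev["api"]
        if api.startswith("CreateProcess"):
            flags = int(ev.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "childpid" in ev:
                child = int(ev["childpid"])
                suspended[child] = int(ev["pid"])
                progress[child] = []
            continue
        if "target" not in ev:
            continue
        child = int(ev["target"])
        # Only the creator acting on its own suspended child counts.
        if child not in suspended or int(ev["pid"]) != suspended[child]:
            continue
        steps = progress[child]
        if api == HOLLOWING_STEPS[len(steps)]:
            steps.append(api)
        if len(steps) == len(HOLLOWING_STEPS):
            findings.append({"parent": suspended.pop(child), "child": child,
                             "steps": tuple(progress.pop(child))})
    return findings


if __name__ == "__main__":
    for f in detect_process_hollowing(CONSTRUCTED_TRACE):
        print("process hollowing: parent %(parent)d -> child %(child)d via %(steps)s" % f)
```

NtUnmapViewOfSection and VirtualAllocEx are left out of the required sequence on purpose: some loaders skip the unmap and allocate with a different call, and requiring them would only buy evasion. Tightening the rule to also require that the written region be executable (the `protect=0x40` PAGE_EXECUTE_READWRITE token in the trace) is a reasonable next step if your trace records it.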

MITRE ATT&CK Enterprise v15

Tasks