General

  • Target

    NEAS.dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4_JC.exe

  • Size

    363KB

  • Sample

    231006-tlq7qaec5s

  • MD5

    dccb60fb185d8098f3844b5d5777a045

  • SHA1

    2b8e3b905310d713a443b844e110dbb71359b09c

  • SHA256

    dfa1030b49da1997953542e47d394a5e3327ce225bc779a20a93f3f1ea7502f4

  • SHA512

    edb8ee6fda1764a2958e9b932828e579c2408cdd29919331f461a02107d01be48d3e03f51329410630c614d933302b4df380efe38616cdaa7754cd267d566639

  • SSDEEP

    3072:wwH52YRs4UEbwIeG+p1C3nIsP3ozz6rRZ+pr4/lGW/o2xNbr7ZwVRU/qIUgd1Uvc:tEYC4UmwIeG/I+3Ks/UC7ZwV8Pyo

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    0024

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    https://utah-saints.com/search.php
    https://atlanta-newspaper.com/search.php

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks