Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SecuriteInfo.com.Win32.DropperX-gen.17769.5978.exe

  • Size

    274KB

  • Sample

    231006-ze99xaaa54

  • MD5

    b9fb5d09c9353294a07d3cbe9e3cdf32

  • SHA1

    360671e99ada386546ee2562b575f6d7e6fdcc76

  • SHA256

    d16581b77c0a19e06d4e612349abd154ee48f527933aa3ecc50c215c1cbadd95

  • SHA512

    b091d086eed013e91041a39b17863263325ecbd00ff31da097a583dc931b4f1816a0dec15210d46354fcf859b177286c0994b602db5cadc4db1e2c9d9afb912e

  • SSDEEP

    3072:hXRpnwP6V6EBlO39wH9ejw56C/pcTcKgoIcVTE8bA4l8KU:JR+PTEBlOA9Cw5Z/pcTzIcxE8r8K

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      SecuriteInfo.com.Win32.DropperX-gen.17769.5978.exe

    • Size

      274KB

    • MD5

      b9fb5d09c9353294a07d3cbe9e3cdf32

    • SHA1

      360671e99ada386546ee2562b575f6d7e6fdcc76

    • SHA256

      d16581b77c0a19e06d4e612349abd154ee48f527933aa3ecc50c215c1cbadd95

    • SHA512

      b091d086eed013e91041a39b17863263325ecbd00ff31da097a583dc931b4f1816a0dec15210d46354fcf859b177286c0994b602db5cadc4db1e2c9d9afb912e

    • SSDEEP

      3072:hXRpnwP6V6EBlO39wH9ejw56C/pcTcKgoIcVTE8bA4l8KU:JR+PTEBlOA9Cw5Z/pcTzIcxE8r8K

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks