General

  • Target

    a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6

  • Size

    284KB

  • Sample

    231007-pty53scc6s

  • MD5

    f8fc1a1c58436919bc933c0ff8371491

  • SHA1

    a8a3248892ea6ac1fa505be1e45c8816ae20c9ee

  • SHA256

    a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6

  • SHA512

    1731602c68991a3567d09981ed2d4fbffec1579fc4d83e09c70cd81a242c911459b57e049647572b85cc44646ddf15241e67a83d8f495c5bbf7a2087d415c017

  • SSDEEP

    3072:56ZT9ZIaPPpwlKn/4LVkjPNOi5VXOnEUsodREZmow:0TZ3PPpwl606T4iPXOnHfd4m

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
