General

  • Target

    7453bb68d8921b170fbf7e26c799d2c8ecd2d1e85c5cd41e2a923bd4bdb1089b

  • Size

    288KB

  • Sample

    231007-t7capagb33

  • MD5

    a684e33bf6d9c070e5f4e9c16b06eefb

  • SHA1

    319adf4911e2e170516a06602381ea217e295248

  • SHA256

    7453bb68d8921b170fbf7e26c799d2c8ecd2d1e85c5cd41e2a923bd4bdb1089b

  • SHA512

    d95edccac0028c6f8197ffb77b7cec58ae8e4cf341c9c2f43aeb7c7702ad48d7c2f91fb8d9f9399f9ac7574264993f274ea232ec587801fc147fc578ad9564d3

  • SSDEEP

    3072:qLZGaRdWCJ++SxtINq5l6HsvMIj2A5k1iOeRE4Ut7pKK3F4a:QGmWh+Sxs4l6eBjNwmE4UtDF

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      7453bb68d8921b170fbf7e26c799d2c8ecd2d1e85c5cd41e2a923bd4bdb1089b

    • Size

      288KB

    • MD5

      a684e33bf6d9c070e5f4e9c16b06eefb

    • SHA1

      319adf4911e2e170516a06602381ea217e295248

    • SHA256

      7453bb68d8921b170fbf7e26c799d2c8ecd2d1e85c5cd41e2a923bd4bdb1089b

    • SHA512

      d95edccac0028c6f8197ffb77b7cec58ae8e4cf341c9c2f43aeb7c7702ad48d7c2f91fb8d9f9399f9ac7574264993f274ea232ec587801fc147fc578ad9564d3

    • SSDEEP

      3072:qLZGaRdWCJ++SxtINq5l6HsvMIj2A5k1iOeRE4Ut7pKK3F4a:QGmWh+Sxs4l6eBjNwmE4UtDF

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks