General
-
Target
b2843f650b2dad5ef0013b57f06cd51763f62365cf2c8db59fc2cad126dad682exe_JC.exe
-
Size
277KB
-
Sample
231012-1nf8vsdh83
-
MD5
deb9302060c7ff8df9216a531ce7f447
-
SHA1
dddf7bc6246bd26e222c630c090871ecb7fd1985
-
SHA256
b2843f650b2dad5ef0013b57f06cd51763f62365cf2c8db59fc2cad126dad682
-
SHA512
3fd840fb7bdee69c3f9b05beb1986792560246307fb167e394d90bd9d5c24dff7cd63d21467a954221f34ed742fae1d6b0252811a6405df6ebc15a95031f7856
-
SSDEEP
3072:0af0kPlr7aoj/CQiVCynGWZ8GV0lMECipao9rkI4mKhW:jPPlr+RQiw2v8c0lMEbxrkIC
Static task
static1
Behavioral task
behavioral1
Sample
b2843f650b2dad5ef0013b57f06cd51763f62365cf2c8db59fc2cad126dad682exe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
b2843f650b2dad5ef0013b57f06cd51763f62365cf2c8db59fc2cad126dad682exe_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
smokeloader
pub4
Extracted
smokeloader
2022
http://taibi.at/tmp/
http://01stroy.ru/tmp/
http://mal-net.com/tmp/
http://gromograd.ru/tmp/
http://kingpirate.ru/tmp/
Targets
-
-
Target
b2843f650b2dad5ef0013b57f06cd51763f62365cf2c8db59fc2cad126dad682exe_JC.exe
-
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-