General

  • Target

    a40f5d4fa7c449ca99ffe9191ef03988bin_JC.zip

  • Size

    141KB

  • Sample

    231012-1pe27aea38

  • MD5

    1b7c119279692c14c6cdddfedd5bbf67

  • SHA1

    070faa96665ce5d4a1d0ca6c750c2248dee953d9

  • SHA256

    1a6c3e57351b99900e332eb2784131323d71d9f4163cdcb09edaf1d348a249f6

  • SHA512

    2c8576e7a59ae8899aee60ee5266173c62ab76b8f34653aa98572b9736cefcb7384e7479e15b4947033daa5099c27ec6e4eff828aa14b8f367f3c2089417905c

  • SSDEEP

    3072:fS4R4ojaS5/pwSfKzBR6kgMtgU80l6bMvqG/i5US+mSIhZKDW:fqo75/qSyBR5vy0iMCoSATIhd

Malware Config

  • Extracted
    Family: smokeloader
    Botnet: up3

  • Extracted
    Family: smokeloader
    Version: 2020
    C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
    rc4.i32
    rc4.i32

Targets

    • Target

      7a3ed98aad8f0e6cc774200cdc7b35b86bffdb5f5ce23e8750acb0945d3c78fd.exe

    • Size

      267KB

    • MD5

      a40f5d4fa7c449ca99ffe9191ef03988

    • SHA1

      1ecb44d3f7b583463785ba03e57c85d6f452f98e

    • SHA256

      7a3ed98aad8f0e6cc774200cdc7b35b86bffdb5f5ce23e8750acb0945d3c78fd

    • SHA512

      c60aa310ee7f5ca87f4b17375da8c18314b26307a131cf0ea0548caabc760b2d30d83c26742f10a1588a92a840365f54cfd5833deb529275de4403cf8be50822

    • SSDEEP

      6144:QqN+ovUltzqjf2ld/OdtHnhGrJCfH+XQ:QD4UHzU8IHhuoi

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks