General

  • Target

    9d35150a447696b7c6d5bcf71ff97de4738e5ec528819f537f47e565b9ba14a4

  • Size

    215KB

  • Sample

    231012-feqeysff9w

  • MD5

    9b75c8d33264c955cddacd6e6f8ed53f

  • SHA1

    e957af9fe51eff34d62b7c9190d695554f8bf398

  • SHA256

    9d35150a447696b7c6d5bcf71ff97de4738e5ec528819f537f47e565b9ba14a4

  • SHA512

    561d606863e9a73430c9fbd437d219a00b403f40f6c1bb7fc6905eec790b74496d31f6c51e9240a559f8549240be8e2919725874fd9c25568866fa8fcf623e24

  • SSDEEP

    3072:6XyY+u/FEpBt5pxygeCP4Xy7iNvfPnO905Fv8YOzT:a7+CCp3XlNwXy7yPnOaUY

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      9d35150a447696b7c6d5bcf71ff97de4738e5ec528819f537f47e565b9ba14a4

    • Size

      215KB

    • MD5

      9b75c8d33264c955cddacd6e6f8ed53f

    • SHA1

      e957af9fe51eff34d62b7c9190d695554f8bf398

    • SHA256

      9d35150a447696b7c6d5bcf71ff97de4738e5ec528819f537f47e565b9ba14a4

    • SHA512

      561d606863e9a73430c9fbd437d219a00b403f40f6c1bb7fc6905eec790b74496d31f6c51e9240a559f8549240be8e2919725874fd9c25568866fa8fcf623e24

    • SSDEEP

      3072:6XyY+u/FEpBt5pxygeCP4Xy7iNvfPnO905Fv8YOzT:a7+CCp3XlNwXy7yPnOaUY

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks