General

  • Target

    JC_29bec00a5349dd65a067a12bf5f746300332d2556692995bf8ac0f5d247101e0

  • Size

    215KB

  • Sample

    231012-ss6qbaaf44

  • MD5

    aeaba9864af82dba52386aa480b035db

  • SHA1

    39525b8cbe1eb7888bcc8a7c89178e2a331ca8d1

  • SHA256

    29bec00a5349dd65a067a12bf5f746300332d2556692995bf8ac0f5d247101e0

  • SHA512

    d741fde2b23975d75314a76a30294854cbc24f0367a2cde28632dca4a13bf6d9b3a0a4625ceb30b5d54cb96cea079823fc0b03045cbd88e3b544943e6d5f5626

  • SSDEEP

    6144:KbrUNeLXSeU6+2ih4GWWP/EyhJ/TqOTk:K7+eU69iOIBMG

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      JC_29bec00a5349dd65a067a12bf5f746300332d2556692995bf8ac0f5d247101e0

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext
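The two behavioural signatures above, "Deletes itself" and "Suspicious use of SetThreadContext", each correspond to an API-call pattern that can be re-derived from a sandbox API trace: the SetThreadContext one is the tail of the classic process-hollowing chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext, ResumeThread), and self-deletion is typically a spawned `cmd /c ... del <own path>` or a direct DeleteFile on the sample's own image. The Python below is an added example of that detection logic and is not Triage's own signature code; the API trace, process IDs, argument keys and file paths in it are constructed for illustration and are not taken from this report. Requiring the full hollowing chain rather than SetThreadContext alone matters in practice, because debuggers and some legitimate runtimes call SetThreadContext too.

```python
"""Re-derive two Triage-style behavioural signatures from an API trace.

Example code added for illustration; not from the sandbox report above.
The trace, PIDs, argument names and paths are constructed (assumed) data.
"""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed API trace: (caller_pid, api_name, args). Not real sandbox output.
TRACE = [
    (1001, "CreateProcessW", {"lpApplicationName": r"C:\Windows\explorer.exe",
                              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 1010}),
    (1001, "NtUnmapViewOfSection", {"pid": 1010}),
    (1001, "VirtualAllocEx", {"pid": 1010, "flProtect": 0x40}),
    (1001, "WriteProcessMemory", {"pid": 1010, "size": 0x3C000}),
    (1001, "SetThreadContext", {"pid": 1010}),
    (1001, "NtResumeThread", {"pid": 1010}),
    (1001, "CreateProcessW", {"lpCommandLine":
                              'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\\Users\\x\\sample.exe"',
                              "child_pid": 1020}),
]


def detect_process_hollowing(trace):
    """Return (parent_pid, child_pid) pairs where the full hollowing chain
    is observed in order: suspended CreateProcess -> WriteProcessMemory into
    that child -> SetThreadContext on it -> ResumeThread.  SetThreadContext
    on its own is deliberately not enough to produce a hit."""
    suspended = {}   # child_pid -> parent_pid for CREATE_SUSPENDED children
    written = set()  # children that received WriteProcessMemory
    ctx_set = set()  # children whose thread context was rewritten
    hits = []
    for pid, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA") and \
                args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[args["child_pid"]] = pid
        elif api == "WriteProcessMemory" and args.get("pid") in suspended:
            written.add(args["pid"])
        elif api in ("SetThreadContext", "NtSetContextThread") and args.get("pid") in written:
            ctx_set.add(args["pid"])
        elif api in ("ResumeThread", "NtResumeThread") and args.get("pid") in ctx_set:
            hits.append((suspended[args["pid"]], args["pid"]))
    return hits


_DEL_RE = re.compile(r"\b(del|erase)\b", re.IGNORECASE)


def detect_self_deletion(trace, sample_pid, sample_path):
    """Return the API names through which the sample process tries to remove
    its own image: a spawned command line that runs del/erase against the
    sample path, or a direct DeleteFile on that path."""
    target = sample_path.lower()
    findings = []
    for pid, api, args in trace:
        if pid != sample_pid:
            continue
        cmdline = args.get("lpCommandLine", "")
        if api.startswith("CreateProcess") and _DEL_RE.search(cmdline) \
                and target in cmdline.lower():
            findings.append(api)
        elif api in ("DeleteFileW", "DeleteFileA") and \
                args.get("lpFileName", "").lower() == target:
            findings.append(api)
    return findings


if __name__ == "__main__":
    print("hollowing:", detect_process_hollowing(TRACE))
    print("self-delete:", detect_self_deletion(TRACE, 1001, r"C:\Users\x\sample.exe"))
```

On the constructed trace this reports one hollowing pair (1001 into 1010) and one self-deletion via the spawned `cmd.exe` line. Real sandbox traces key injection calls by handle rather than by PID, so a production version would first resolve `OpenProcess`/`CreateProcess` handles to PIDs before applying the same state machine.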

MITRE ATT&CK Enterprise v15

Tasks