General

  • Target

    0cdb3c1c13987b9206aff17db672f7de.exe

  • Size

    214KB

  • Sample

    231012-t72wcaeb52

  • MD5

    0cdb3c1c13987b9206aff17db672f7de

  • SHA1

    e1201e013a33a7267316ad56a644dcd19fb3ce4c

  • SHA256

    306c89756cc1899b6f76dd3e7b68dcb0b4581a152f14df79ff167f0627c85424

  • SHA512

    f936936ace302984e7d2494d2d8d2b018333b9ae8a635cfdf2028d57ffaff4c67507cb62d9848d1ad98d4e5b70fd8109b2a4b19b6fa1400578b25ead5eaf2423

  • SSDEEP

    6144:AjSjtrLocGy2hDyqmo6vU8H5vOuWcGTE:AgscGlkqm/lH5vb+

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32
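The extracted config above is most useful as a hunting input. The following is an added example, not part of the tria.ge report and not tooling from the sandbox: it turns the four C2 URLs into host and path indicators and runs them over a few constructed proxy log lines. The log format (timestamp, client, method, URL, status, bytes) and every hostname other than the four C2s are assumptions for the demonstration. It goes slightly beyond the page by also flagging a POST to the same panel path (`/tmp/`) on a host that is not in the list, since the list is only the hosts this sample carried.

```python
"""Hunt for the SmokeLoader C2s extracted on this page (added example)."""
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted in the report's Malware Config section.
C2_URLS = [
    "http://gudintas.at/tmp/",
    "http://pik96.ru/tmp/",
    "http://rosatiauto.com/tmp/",
    "http://kingpirate.ru/tmp/",
]


def c2_indicators(urls):
    """Split the C2 URLs into a host set and a path set.

    Matching on host catches traffic to the listed C2s; matching on the
    panel path separately lets us surface the same beacon shape sent to a
    host that was rotated after this sample was built.
    """
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname.lower())
        paths.add(p.path)
    return hosts, paths


# Constructed proxy log lines for the demo (assumed format:
# "<ts> <client> <method> <url> <status> <bytes>"). The non-C2 hosts
# are placeholders, not observed infrastructure.
SAMPLE_LOG = """\
2023-10-12T17:02:11Z 10.0.0.15 POST http://gudintas.at/tmp/ 200 512
2023-10-12T17:02:12Z 10.0.0.15 GET http://www.example.com/ 200 1734
2023-10-12T17:02:30Z 10.0.0.22 POST http://PIK96.RU/tmp/ 404 0
2023-10-12T17:03:01Z 10.0.0.30 POST http://other-host.invalid/tmp/ 200 300
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
    r"(?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


def hunt(log_text, urls=C2_URLS):
    """Return one hit per log line that touches a known C2 host, or that
    POSTs to a known C2 path on a host not in the list (lower confidence,
    flagged for review rather than as a confirmed C2)."""
    hosts, paths = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        p = urlparse(m["url"])
        host = (p.hostname or "").lower()  # hostname comparison is case-insensitive
        if host in hosts:
            reason = "known C2 host"
        elif m["method"] == "POST" and p.path in paths:
            reason = "POST to known C2 path on unlisted host (review)"
        else:
            continue
        hits.append({"ts": m["ts"], "client": m["client"], "host": host, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Running it on the constructed log yields three hits: the two listed hosts (the second despite the upper-case hostname) and the unlisted host that received a POST to `/tmp/`. Treat the third kind as a lead to pivot on, not as attribution; `/tmp/` is a short path that legitimate sites can also serve.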

Targets

    • Target

      0cdb3c1c13987b9206aff17db672f7de.exe

    • Size

      214KB

    • MD5

      0cdb3c1c13987b9206aff17db672f7de

    • SHA1

      e1201e013a33a7267316ad56a644dcd19fb3ce4c

    • SHA256

      306c89756cc1899b6f76dd3e7b68dcb0b4581a152f14df79ff167f0627c85424

    • SHA512

      f936936ace302984e7d2494d2d8d2b018333b9ae8a635cfdf2028d57ffaff4c67507cb62d9848d1ad98d4e5b70fd8109b2a4b19b6fa1400578b25ead5eaf2423

    • SSDEEP

      6144:AjSjtrLocGy2hDyqmo6vU8H5vOuWcGTE:AgscGlkqm/lH5vb+

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks