General

  • Target: facd4f399d7780e91bd35c0bb4dba45a5bec6b9c3054c03ef5af6ffd76f4f51d
  • Size: 241KB
  • Sample: 231015-2dkc7scg38
  • MD5: 8b1e634e615595bd727303263f4b3d65
  • SHA1: d4bc34717ecf8e2d75e139615128682e20e440c3
  • SHA256: facd4f399d7780e91bd35c0bb4dba45a5bec6b9c3054c03ef5af6ffd76f4f51d
  • SHA512: 64fabb989181da2fc82fbd672e7e3aaf08ca34ce414eb0b35454334130a118e00d592b17607bc7ddedfdba00d809d3183a489acb4923a610c8cb8bd0736e8605
  • SSDEEP: 3072:DQ1GcSTl5MCYLTwvfBXeiPUtWo457MtBI7qN:uGXTTYvmfBX/PUXOMt

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: up3

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
  • rc4.i32

Targets

    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks