General

  • Target

    3d382d91d49a8f3fceef35c22c803874dd06c1ed2d03c879be812dbd7697eb10

  • Size

    261KB

  • Sample

    231016-hbychacc2w

  • MD5

    436048372a2bca77f131ccbd2470ef82

  • SHA1

    22c1286dd2a4753ab175c5b7f92612efbb22401b

  • SHA256

    3d382d91d49a8f3fceef35c22c803874dd06c1ed2d03c879be812dbd7697eb10

  • SHA512

    d29be53418750f22f9f88cd2f005368461a68586fb90ff036b49dad3d7795860c6bc2fddf48d1bd69eff1ab5ff926b09200a5b4feaf4df482cb8882526435679

  • SSDEEP

    3072:dBNqWJvlXwzRy1MNR7EKHUoaxyVpDnUCMlD0t55BSkdi:jtXwdy1CR7EKHUkVlnBF55

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks