
General

  • Target

    c66e4b57d2c218eb636b84b1b25324a341e88501718c3679cb5241479f8a5234

  • Size

    180KB

  • Sample

    231022-2b4n3ada9t

  • MD5

    f4e75c531a041e9c7de6fd603b6b20cf

  • SHA1

    3c133d66d030c1714e9dda13ccaf115e0f3b11a0

  • SHA256

    c66e4b57d2c218eb636b84b1b25324a341e88501718c3679cb5241479f8a5234

  • SHA512

    984bb16cdf21f639da65266415d38d1640c0a60445842c58e06a23fff67dc7e12a6c146d717802a221123c0745887e414331317696ef0771ae7775134dd4ada1

  • SSDEEP

    3072:vyBN6fxr6AgsSrXxq2phoPEFpbZYXdsLIKFyQX:+A+Ag/rX82pCPIadDK

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/
    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      c66e4b57d2c218eb636b84b1b25324a341e88501718c3679cb5241479f8a5234

    • Size

      180KB

    • MD5

      f4e75c531a041e9c7de6fd603b6b20cf

    • SHA1

      3c133d66d030c1714e9dda13ccaf115e0f3b11a0

    • SHA256

      c66e4b57d2c218eb636b84b1b25324a341e88501718c3679cb5241479f8a5234

    • SHA512

      984bb16cdf21f639da65266415d38d1640c0a60445842c58e06a23fff67dc7e12a6c146d717802a221123c0745887e414331317696ef0771ae7775134dd4ada1

    • SSDEEP

      3072:vyBN6fxr6AgsSrXxq2phoPEFpbZYXdsLIKFyQX:+A+Ag/rX82pCPIadDK

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks