Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d

  • Size

    178KB

  • Sample

    231029-v4cygsgf6s

  • MD5

    b3c0e085181ea65930563b625aee1669

  • SHA1

    01d04e8c83780329980801af9c2d41a0a8c4e03f

  • SHA256

    3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d

  • SHA512

    229de2573e251459bf21cda97ebc113a10a0d828027e8af7e28603dd7df547b40292a1ec1012872b81c8cd3cf9514846ac8d771039c72f1c4274edb5b4ce0383

  • SSDEEP

    3072:8pXXqZcm+GW2taY5Ppd+oqByyBgFYgrsUU/OoxATp:4XqP+GVUIbZqHBgOgrz6

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d

    • Size

      178KB

    • MD5

      b3c0e085181ea65930563b625aee1669

    • SHA1

      01d04e8c83780329980801af9c2d41a0a8c4e03f

    • SHA256

      3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d

    • SHA512

      229de2573e251459bf21cda97ebc113a10a0d828027e8af7e28603dd7df547b40292a1ec1012872b81c8cd3cf9514846ac8d771039c72f1c4274edb5b4ce0383

    • SSDEEP

      3072:8pXXqZcm+GW2taY5Ppd+oqByyBgFYgrsUU/OoxATp:4XqP+GVUIbZqHBgOgrz6

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks