General

  • Target: e9a3db801f783d3bc66e6bf8b7178a8cbbc0b2821239331a89ab00d54bd073c6
  • Size: 265KB
  • Sample: 231102-1agbpshg69
  • MD5: 6a37c70cf1e7357ae43a87b48cb80ba2
  • SHA1: 38a6b883bd0f26fd10a5663f77db92e3f8f72f30
  • SHA256: e9a3db801f783d3bc66e6bf8b7178a8cbbc0b2821239331a89ab00d54bd073c6
  • SHA512: 503ab9584732421a34f2694fefc0203ac0680c6c1ab17b8d7fbecb35be6630658d84d7aa942295efaa9cea4f344506f3366fbdd4efa7cca6aec5d9bc3364b366
  • SSDEEP: 3072:R9f9U5AI/vxatikvoovtDKEs4cMblhxn0d0aGuMOGkxprt5:RoLvxNkvbvp7Tb9npwGepr

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: up3

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
  • rc4.i32
  • rc4.i32

Targets

    • Target: e9a3db801f783d3bc66e6bf8b7178a8cbbc0b2821239331a89ab00d54bd073c6
    • Size: 265KB
    • MD5: 6a37c70cf1e7357ae43a87b48cb80ba2
    • SHA1: 38a6b883bd0f26fd10a5663f77db92e3f8f72f30
    • SHA256: e9a3db801f783d3bc66e6bf8b7178a8cbbc0b2821239331a89ab00d54bd073c6
    • SHA512: 503ab9584732421a34f2694fefc0203ac0680c6c1ab17b8d7fbecb35be6630658d84d7aa942295efaa9cea4f344506f3366fbdd4efa7cca6aec5d9bc3364b366
    • SSDEEP: 3072:R9f9U5AI/vxatikvoovtDKEs4cMblhxn0d0aGuMOGkxprt5:RoLvxNkvbvp7Tb9npwGepr
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks