General

  • Target

    4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9

  • Size

    216KB

  • Sample

    231113-fhkzmshe7z

  • MD5

    e0eccfd84eaf2fbf613069e17d085ba7

  • SHA1

    a68050f4716f17cb95423fe0f67aae22b1ab2a42

  • SHA256

    4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9

  • SHA512

    3a834c1aa29660030a9ddb6f170a9c01cb8ec9371d5ef0e10bca3febf014ac442943b46844c1b58239c50a792c970288de347766cc04374bfa8bb955870c7c03

  • SSDEEP

    3072:CWVg843ejWZeqSodCu/vGWQLq/dJ4jOMbhZflMOfPbKzbvburZS:lO6yrEu/+H2/dJ4jOMFvMOHbYe

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32 (two RC4 key entries; the key values are not included on this page)
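The two extracted C2 entries above are bare hostnames with a root path, so a useful hunt matches on hostname rather than on the full URL string, and the file hashes from the General section give a second pivot. The following script is an added example, not code from tria.ge or from the SmokeLoader authors: it loads those IOCs and runs them over a handful of constructed proxy-log and file-event lines (the log format and records are made up for the demonstration; only the hashes and C2 hosts come from the report). It deliberately includes a mixed-case host with an explicit port and a look-alike subdomain so the hostname normalisation and exact-match behaviour are visible.

```python
"""Match the SmokeLoader IOCs from the report above against sample records.

Added example. IOC values (C2 hosts, hashes) are from the report; the log
formats and all log lines below are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# C2 URLs and sample hashes as listed in the report
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]
SAMPLE_HASHES = {
    "md5": "e0eccfd84eaf2fbf613069e17d085ba7",
    "sha1": "a68050f4716f17cb95423fe0f67aae22b1ab2a42",
    "sha256": "4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9",
}

# Normalise once: urlsplit().hostname lowercases and drops any :port suffix
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
HASH_SET = {v.lower() for v in SAMPLE_HASHES.values()}

# Constructed proxy log, Squid-like: "<ts> <client> <method> <url> <status>"
PROXY_LOG = """\
1699861200.101 10.0.0.17 POST http://host-file-host6.com/ 200
1699861201.455 10.0.0.17 GET http://example.com/index.html 200
1699861210.003 10.0.0.22 POST http://HOST-HOST-FILE8.COM:80/ 404
1699861220.777 10.0.0.31 GET http://cdn.host-file-host6.com.evil.example/ 200
"""

# Constructed file events: "<path> <algo>=<hexdigest>"
FILE_EVENTS = """\
C:\\Users\\u\\AppData\\Local\\Temp\\a.exe sha256=4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9
C:\\Windows\\System32\\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
C:\\Users\\u\\Downloads\\x.bin md5=E0ECCFD84EAF2FBF613069E17D085BA7
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def match_proxy_log(text):
    """Return (client, c2_host) for each request whose host is exactly a C2 host.

    Exact hostname comparison avoids false positives on look-alike domains
    that merely contain the C2 name as a label.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        host = urlsplit(m["url"]).hostname
        if host in C2_HOSTS:
            hits.append((m["client"], host))
    return hits


def match_file_events(text):
    """Return (path, algo) for each file whose digest matches a known sample hash.

    Digests are compared case-insensitively; any of md5/sha1/sha256 qualifies.
    """
    hits = []
    for line in text.splitlines():
        path, _, kv = line.rpartition(" ")
        algo, _, digest = kv.partition("=")
        if digest.lower() in HASH_SET:
            hits.append((path, algo))
    return hits


if __name__ == "__main__":
    for client, host in match_proxy_log(PROXY_LOG):
        print(f"C2 contact: {client} -> {host}")
    for path, algo in match_file_events(FILE_EVENTS):
        print(f"known sample on disk ({algo}): {path}")
```

The third proxy line matches despite its upper-case host and explicit `:80` because `urlsplit(...).hostname` normalises both; the fourth does not match because `cdn.host-file-host6.com.evil.example` is a different host, which is the behaviour you want from an exact-host IOC rather than a substring search.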

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself (the sample removes its own on-disk file after running)

    • Suspicious use of SetThreadContext (rewriting another thread's context is the step of process hollowing / thread hijacking that redirects execution into injected code)
