General

  • Target

    toolspub2.exe

  • Size

    264KB

  • Sample

    231113-p2djcadb72

  • MD5

    dcbd05276d11111f2dd2a7edf52e3386

  • SHA1

    f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec

  • SHA256

    cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4

  • SHA512

    5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

  • SSDEEP

    3072:MkULcl5ZxKJo8LwzbXyTi4UDcVpdLdKHJPOCv09I3i+9P7HbMsoOz1:LUa5p/bXyTi4iGTdAJ7pf0sv

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks