General

  • Target

    431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207

  • Size

    207KB

  • Sample

    231114-cedvdafh9w

  • MD5

    d8068ec5d28bfd029c0e6dd719620118

  • SHA1

    9cbae61a1750f2181edb6a2c8ebd4615a0ecd588

  • SHA256

    431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207

  • SHA512

    53956bed5e578dd58a5a789556223b66e5567911354235504bab6c0d5cf87d1e93de6f24a86ae3cafe51b31c7035db12baf54851d88fb29ee3729a32a6ef71f8

  • SSDEEP

    3072:sC4Z8i/3whM4M3wN17jakiuS86JSh/0YxA7mbfY6B:e/Au4MgN1H8uJ6JSh9vx

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32
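The extracted config above gives two C2 URLs and the General section gives the file hashes and SSDEEP of the sample. As an added example, not part of the tria.ge report or of the SmokeLoader analysis itself, the following Python turns those values into a small IOC matcher: it normalises the C2 URLs to hostnames (matching subdomains too), checks the listed hashes are well-formed, splits the SSDEEP into its block size and chunk signatures, and runs a hostname match over constructed proxy-log lines and a hash match over constructed file records. The log format (`dst_host=` fields) and the file records are assumptions made for the example; only the hashes, URLs and SSDEEP come from the report.

```python
"""IOC matcher built from this report's extracted config (added example, not tria.ge code)."""
import hashlib
import re
from urllib.parse import urlsplit

# Values copied from the report.
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]
HASHES = {
    "md5": "d8068ec5d28bfd029c0e6dd719620118",
    "sha1": "9cbae61a1750f2181edb6a2c8ebd4615a0ecd588",
    "sha256": "431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207",
}
SSDEEP = "3072:sC4Z8i/3whM4M3wN17jakiuS86JSh/0YxA7mbfY6B:e/Au4MgN1H8uJ6JSh9vx"
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed proxy log lines (assumed format, not from the report).
SAMPLE_LOG = [
    "2023-11-14T03:12:40Z src=10.0.0.5 dst_host=update.example.org method=GET uri=/",
    "2023-11-14T03:12:44Z src=10.0.0.5 dst_host=host-file-host6.com method=POST uri=/",
    "2023-11-14T03:12:45Z src=10.0.0.5 dst_host=cdn.example.net method=GET uri=/a.js",
    "2023-11-14T03:12:49Z src=10.0.0.5 dst_host=www.host-host-file8.com method=POST uri=/",
]

# Constructed file-hash records, e.g. from an EDR export (assumed, not from the report).
SAMPLE_FILES = [
    {"path": r"C:\Users\user\AppData\Local\Temp\a.exe", "sha256": HASHES["sha256"]},
    {"path": r"C:\Windows\System32\notepad.exe", "sha256": "0" * 64},
]


def c2_hosts(urls):
    """Lowercased hostnames from the C2 URLs, scheme and path stripped."""
    return {urlsplit(u).hostname.lower() for u in urls}


def validate_hashes(hashes):
    """Names of hashes whose value is not lowercase/uppercase hex of the right length."""
    return [
        name for name, value in hashes.items()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LENGTHS[name], value.lower())
    ]


def parse_ssdeep(sig):
    """Split an ssdeep string into (block_size, chunk_sig, double_chunk_sig)."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, in the same layout as HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_log(lines, hosts):
    """(line_no, c2_host) for each log line whose dst_host is a C2 host or a subdomain of one."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = re.search(r"dst_host=(\S+)", line)
        if not m:
            continue
        host = m.group(1).lower()
        for c2 in sorted(hosts):
            if host == c2 or host.endswith("." + c2):
                hits.append((no, c2))
                break
    return hits


def match_files(records, hashes):
    """Paths of records whose sha256 equals the report's sha256."""
    return [r["path"] for r in records if r.get("sha256", "").lower() == hashes["sha256"]]


if __name__ == "__main__":
    print("bad hashes:", validate_hashes(HASHES))
    print("ssdeep:", parse_ssdeep(SSDEEP))
    print("C2 hits:", match_log(SAMPLE_LOG, c2_hosts(C2_URLS)))
    print("file hits:", match_files(SAMPLE_FILES, HASHES))
```

Matching on the hostname rather than the full URL is deliberate: the report's C2 paths are just `/`, and SmokeLoader's request URI is not a stable indicator, whereas the domain pair is. Subdomain matching (`endswith("." + c2)`) catches hosts like `www.host-host-file8.com` without also matching unrelated names that merely contain the string.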

Targets

    • Target

      431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207

    • Size

      207KB

    • MD5

      d8068ec5d28bfd029c0e6dd719620118

    • SHA1

      9cbae61a1750f2181edb6a2c8ebd4615a0ecd588

    • SHA256

      431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207

    • SHA512

      53956bed5e578dd58a5a789556223b66e5567911354235504bab6c0d5cf87d1e93de6f24a86ae3cafe51b31c7035db12baf54851d88fb29ee3729a32a6ef71f8

    • SSDEEP

      3072:sC4Z8i/3whM4M3wN17jakiuS86JSh/0YxA7mbfY6B:e/Au4MgN1H8uJ6JSh9vx

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks