Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    571f30eb53639b2170d8c402366265d0282f8a86edf438061bdb8e6a67eaaf56

  • Size

    250KB

  • Sample

    231115-tpvpbade41

  • MD5

    c8a0ee4462f8e5b7e74d449f09d05056

  • SHA1

    aecde6f16902cb6271a0690c3f8df9841d956905

  • SHA256

    571f30eb53639b2170d8c402366265d0282f8a86edf438061bdb8e6a67eaaf56

  • SHA512

    59f025a0dc488eeca902af1495c56414128822c60de9264b8a9b1f7444e9115cd6997323326c2902899d949cfc9cb909bf3abb9162a0911a390e42fcba4dc0d9

  • SSDEEP

    3072:E/tnLuU8Vq3NKrTBXkMFtheWQSZrVLR2PFco9CRU:aNLur83IrlXxFthkPF

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32
rc4.i32

Targets

    • Target

      571f30eb53639b2170d8c402366265d0282f8a86edf438061bdb8e6a67eaaf56

    • Size

      250KB

    • MD5

      c8a0ee4462f8e5b7e74d449f09d05056

    • SHA1

      aecde6f16902cb6271a0690c3f8df9841d956905

    • SHA256

      571f30eb53639b2170d8c402366265d0282f8a86edf438061bdb8e6a67eaaf56

    • SHA512

      59f025a0dc488eeca902af1495c56414128822c60de9264b8a9b1f7444e9115cd6997323326c2902899d949cfc9cb909bf3abb9162a0911a390e42fcba4dc0d9

    • SSDEEP

      3072:E/tnLuU8Vq3NKrTBXkMFtheWQSZrVLR2PFco9CRU:aNLur83IrlXxFthkPF

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Modifies Installed Components in the registry

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks