Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f

  • Size

    244KB

  • Sample

    231116-qt7mwsdd9s

  • MD5

    4137b230bb95d9e8cab423efba2d9fb8

  • SHA1

    998c7fbe1ed9f6e9951241ba6d9b7b42b2a24485

  • SHA256

    5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f

  • SHA512

    a1751a39818d2d3c2676fde8c58231d1a482f563754546fca5edb4d7a8b095d423ea97595ef11eed8cdf90324b349524c02a84dd6d9a1d6d6685c8987e95bb49

  • SSDEEP

    3072:jM8XmLvF4vCCgH7vfwI20nWi3gcGkcb7M2aIG4RmxKIBP4Ksikn:wvLvFIgbvfAGDwqcb7MSuQIBZ6

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f

    • Size

      244KB

    • MD5

      4137b230bb95d9e8cab423efba2d9fb8

    • SHA1

      998c7fbe1ed9f6e9951241ba6d9b7b42b2a24485

    • SHA256

      5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f

    • SHA512

      a1751a39818d2d3c2676fde8c58231d1a482f563754546fca5edb4d7a8b095d423ea97595ef11eed8cdf90324b349524c02a84dd6d9a1d6d6685c8987e95bb49

    • SSDEEP

      3072:jM8XmLvF4vCCgH7vfwI20nWi3gcGkcb7M2aIG4RmxKIBP4Ksikn:wvLvFIgbvfAGDwqcb7MSuQIBZ6

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks