General

  • Target

    1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9

  • Size

    227KB

  • Sample

    231116-ztlvvsfe23

  • MD5

    78e1ca1572ad5b5111c103c59bb9bb38

  • SHA1

    9e169cc9eb2f0ea80396858eff0bf793bd589f16

  • SHA256

    1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9

  • SHA512

    86ca98952d87c54bc18754f2b92c14220f3b6d1054160d76d9d8be0205291039195ab0712e48dfb663a6e240f162cd221ac7847438631af11e0c99ed5a06c9a1

  • SSDEEP

    3072:Vwz1LtEGCHJtLKZZA62jYUDcBoLPJxlXROjSeJN1c:CLtEhp9Kw62hD8nj

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext
