General

  • Target

    9c05dce1664efdebd968e2d431083cae75317cd52675bf4f615e264c3fa8ffaa

  • Size

    243KB

  • Sample

    231123-wq337acb3s

  • MD5

    821f30d3a5a5b9f7ef42d39c787a4f9b

  • SHA1

    f0b0271b425d8f36ef87e4f3c804f7c14dd9c7a3

  • SHA256

    9c05dce1664efdebd968e2d431083cae75317cd52675bf4f615e264c3fa8ffaa

  • SHA512

    eae6283f742649d62cc494fcd59d74c7b7816bec4dac59028a64dfcd5aaefae7a957ae09727d26fa857dd5e887e1d16235661ee8c6a9d2f42b83770f417f5da9

  • SSDEEP

    3072:ketkwgL/sgx35mw9ang0NJGTfb/XRNaBrSAMmMgDAQUpBwTy:GJT73MPng0NJGTfb/XD8MgDKBw

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: pub1

  • Extracted

    Family: smokeloader
    Version: 2020
    C2:
      http://host-file-host6.com/
      http://host-host-file8.com/
    rc4.i32
    rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext