Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e95214656acb2a32785bab443eaaef6775bf1c2d76aa6280e3c71652ba7ce9fa

  • Size

    189KB

  • Sample

    231211-vfcykscehl

  • MD5

    4bd8435d67e1d0caa2265fe5e39de11a

  • SHA1

    ee50fc61b1ed29567b8894d37ac134fcc95c2175

  • SHA256

    e95214656acb2a32785bab443eaaef6775bf1c2d76aa6280e3c71652ba7ce9fa

  • SHA512

    725853815f5d47e7b744c99b840477e2d87a60db1ff149d4daf38025b253f923f81fd9f95e872cddacb488a11d551ba2090bdf701b4a42c7926fc8ef56706bd2

  • SSDEEP

    3072:PJW9jLf7N1GYdcDX3kp4LB+swCAW8Qg9yTQMUFaGLNzP5lnq:M9jLzN19cYpuBYIwWQ54s

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      e95214656acb2a32785bab443eaaef6775bf1c2d76aa6280e3c71652ba7ce9fa

    • Size

      189KB

    • MD5

      4bd8435d67e1d0caa2265fe5e39de11a

    • SHA1

      ee50fc61b1ed29567b8894d37ac134fcc95c2175

    • SHA256

      e95214656acb2a32785bab443eaaef6775bf1c2d76aa6280e3c71652ba7ce9fa

    • SHA512

      725853815f5d47e7b744c99b840477e2d87a60db1ff149d4daf38025b253f923f81fd9f95e872cddacb488a11d551ba2090bdf701b4a42c7926fc8ef56706bd2

    • SSDEEP

      3072:PJW9jLf7N1GYdcDX3kp4LB+swCAW8Qg9yTQMUFaGLNzP5lnq:M9jLzN19cYpuBYIwWQ54s

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks