Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1814254e3811acff9844c6ebb0e277e7
-
Size
200KB
-
Sample
231230-pbk6haecgl
-
MD5
1814254e3811acff9844c6ebb0e277e7
-
SHA1
640bca77ecb4732e30fac1cf472ddc15ddfdeb7c
-
SHA256
23a1a874599265baa3f79327b0b6fd95be3ba38ef9f8c5c08acb3f4c1097d30c
-
SHA512
00adbc85de2a3b6b516a10a56ef516deeeaffaf2d95a731e7f619662d3608485df1d5133124216ab61fadbf9b47c1ba642dcbfadcd510de9959d36051cd91c8b
-
SSDEEP
3072:rGkSMcn7BK30vu5SSopa6hJQKtOgMRZafD4UA1bS:rG9MoBJhpaQ8bEcxbS
Malware Config
Extracted
smokeloader
2020
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
Targets
-
-
Target
1814254e3811acff9844c6ebb0e277e7
-
Size
200KB
-
MD5
1814254e3811acff9844c6ebb0e277e7
-
SHA1
640bca77ecb4732e30fac1cf472ddc15ddfdeb7c
-
SHA256
23a1a874599265baa3f79327b0b6fd95be3ba38ef9f8c5c08acb3f4c1097d30c
-
SHA512
00adbc85de2a3b6b516a10a56ef516deeeaffaf2d95a731e7f619662d3608485df1d5133124216ab61fadbf9b47c1ba642dcbfadcd510de9959d36051cd91c8b
-
SSDEEP
3072:rGkSMcn7BK30vu5SSopa6hJQKtOgMRZafD4UA1bS:rG9MoBJhpaQ8bEcxbS
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Suspicious use of SetThreadContext
-