General

  • Target

    1814254e3811acff9844c6ebb0e277e7

  • Size

    200KB

  • Sample

    231230-pbk6haecgl

  • MD5

    1814254e3811acff9844c6ebb0e277e7

  • SHA1

    640bca77ecb4732e30fac1cf472ddc15ddfdeb7c

  • SHA256

    23a1a874599265baa3f79327b0b6fd95be3ba38ef9f8c5c08acb3f4c1097d30c

  • SHA512

    00adbc85de2a3b6b516a10a56ef516deeeaffaf2d95a731e7f619662d3608485df1d5133124216ab61fadbf9b47c1ba642dcbfadcd510de9959d36051cd91c8b

  • SSDEEP

    3072:rGkSMcn7BK30vu5SSopa6hJQKtOgMRZafD4UA1bS:rG9MoBJhpaQ8bEcxbS

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

rc4.i32
rc4.i32

Targets

    • Target

      1814254e3811acff9844c6ebb0e277e7

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks