Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    87dd69225560d8450047f1b8536d2eeb

  • Size

    335KB

  • Sample

    240201-2q7dhaaban

  • MD5

    87dd69225560d8450047f1b8536d2eeb

  • SHA1

    67bf606b4b3b34d7ef8ac5b1953ab1a7a8e7e33b

  • SHA256

    4c67be3bae55934bcd1d482461c9c6fcea941091d43adbcd512240f43c104b46

  • SHA512

    6a881c7e4fbbcd169e3ff0462a27a55576ebcc7b2adca851edee6c6a00a6e0d2b75b3ea696982a47558d65dad983a128a22ab65be0d7e6da79c1762f893233cf

  • SSDEEP

    3072:Xuc6DKv3aKonFR0RLQ2UHxqmMx/7btmA2yls2LK5JP6orhVE+R28raarSy:XujDKvWFR0BbKhMXs2iP6MDfR2C

Malware Config

Extracted

Family

smokeloader

Botnet

0308

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforjuly1.xyz/

http://readinglistforjuly2.xyz/

http://readinglistforjuly3.xyz/

http://readinglistforjuly4.xyz/

http://readinglistforjuly5.xyz/

http://readinglistforjuly6.xyz/

http://readinglistforjuly7.xyz/

http://readinglistforjuly8.xyz/

http://readinglistforjuly9.xyz/

http://readinglistforjuly10.xyz/

http://readinglistforjuly1.site/

http://readinglistforjuly2.site/

http://readinglistforjuly3.site/

http://readinglistforjuly4.site/

http://readinglistforjuly5.site/

http://readinglistforjuly6.site/

http://readinglistforjuly7.site/

http://readinglistforjuly8.site/

http://readinglistforjuly9.site/

http://readinglistforjuly10.site/

rc4.i32
rc4.i32

Targets

    • Target

      87dd69225560d8450047f1b8536d2eeb

    • Size

      335KB

    • MD5

      87dd69225560d8450047f1b8536d2eeb

    • SHA1

      67bf606b4b3b34d7ef8ac5b1953ab1a7a8e7e33b

    • SHA256

      4c67be3bae55934bcd1d482461c9c6fcea941091d43adbcd512240f43c104b46

    • SHA512

      6a881c7e4fbbcd169e3ff0462a27a55576ebcc7b2adca851edee6c6a00a6e0d2b75b3ea696982a47558d65dad983a128a22ab65be0d7e6da79c1762f893233cf

    • SSDEEP

      3072:Xuc6DKv3aKonFR0RLQ2UHxqmMx/7btmA2yls2LK5JP6orhVE+R28raarSy:XujDKvWFR0BbKhMXs2iP6MDfR2C

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks