Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e21bbd95c5421bd2cd0c8c190cd94512
-
Size
265KB
-
Sample
240327-tzgv7sbc6s
-
MD5
e21bbd95c5421bd2cd0c8c190cd94512
-
SHA1
8aaad57c43973fa4fd55a6a60d720a1a6f9db26e
-
SHA256
624c9abe8fdaaaabdfb8f705176149ce012206df79663236d3f1690e82cd658c
-
SHA512
9ef95f05d06b4aaf2bdbfd5e24e4b9f66f7f780b4c8d20f29b3c2d980528a7590b073790b0ab98cf4573dc7a83f4415ce78d97cc908611222dea744eefebd260
-
SSDEEP
6144:IHETFtEJ/A0GLZ2d0c2AVx2AxvqCe5Nug6a65pOLQ:Z7EJ/A062d0PAte5qp
Malware Config
Extracted
smokeloader
7777
Extracted
smokeloader
2020
http://fioajfoiarjfoi1.xyz/
http://rdukhnihioh2.xyz/
http://sdfghjklemm3.xyz/
http://eruiopijhgnn4.xyz/
http://igbyugfwbwb5.xyz/
http://shfuhfuwhhc6.xyz/
http://ersyglhjkuij7.xyz/
http://ygyguguuju8.store/
http://resbkjpokfct9.store/
http://sdfygfygu10.store/
http://hbibhibihnj11.store/
http://vfwlkjhbghg12.store/
http://poiuytrcvb13.store/
http://xsedfgtbh14.store/
http://iknhyghggh15.store/
http://wnlonevkiju16.site/
http://gfyufuhhihioh17.site/
http://nsgiuwrevi18.site/
http://oiureveiuv19.site/
http://ovrnevnriuen20.site/
Targets
-
-
Target
e21bbd95c5421bd2cd0c8c190cd94512
-
Size
265KB
-
MD5
e21bbd95c5421bd2cd0c8c190cd94512
-
SHA1
8aaad57c43973fa4fd55a6a60d720a1a6f9db26e
-
SHA256
624c9abe8fdaaaabdfb8f705176149ce012206df79663236d3f1690e82cd658c
-
SHA512
9ef95f05d06b4aaf2bdbfd5e24e4b9f66f7f780b4c8d20f29b3c2d980528a7590b073790b0ab98cf4573dc7a83f4415ce78d97cc908611222dea744eefebd260
-
SSDEEP
6144:IHETFtEJ/A0GLZ2d0c2AVx2AxvqCe5Nug6a65pOLQ:Z7EJ/A062d0PAte5qp
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-