General

  • Target

    e21bbd95c5421bd2cd0c8c190cd94512

  • Size

    265KB

  • Sample

    240327-tzgv7sbc6s

  • MD5

    e21bbd95c5421bd2cd0c8c190cd94512

  • SHA1

    8aaad57c43973fa4fd55a6a60d720a1a6f9db26e

  • SHA256

    624c9abe8fdaaaabdfb8f705176149ce012206df79663236d3f1690e82cd658c

  • SHA512

    9ef95f05d06b4aaf2bdbfd5e24e4b9f66f7f780b4c8d20f29b3c2d980528a7590b073790b0ab98cf4573dc7a83f4415ce78d97cc908611222dea744eefebd260

  • SSDEEP

    6144:IHETFtEJ/A0GLZ2d0c2AVx2AxvqCe5Nug6a65pOLQ:Z7EJ/A062d0PAte5qp

Malware Config

Extracted

Family

smokeloader

Botnet

7777

Extracted

Family

smokeloader

Version

2020

C2

http://fioajfoiarjfoi1.xyz/

http://rdukhnihioh2.xyz/

http://sdfghjklemm3.xyz/

http://eruiopijhgnn4.xyz/

http://igbyugfwbwb5.xyz/

http://shfuhfuwhhc6.xyz/

http://ersyglhjkuij7.xyz/

http://ygyguguuju8.store/

http://resbkjpokfct9.store/

http://sdfygfygu10.store/

http://hbibhibihnj11.store/

http://vfwlkjhbghg12.store/

http://poiuytrcvb13.store/

http://xsedfgtbh14.store/

http://iknhyghggh15.store/

http://wnlonevkiju16.site/

http://gfyufuhhihioh17.site/

http://nsgiuwrevi18.site/

http://oiureveiuv19.site/

http://ovrnevnriuen20.site/

rc4.i32
rc4.i32
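The extracted config above is mainly useful as a block/hunt list: twenty throwaway C2 domains, numbered 1 to 20 and spread across .xyz, .store and .site, which SmokeLoader walks through until one answers. The following Python is an added example, not code from tria.ge or from the sample; it turns the C2 URLs into hostnames, counts them per TLD, and runs them over a handful of constructed DNS/proxy log lines. Only exact hosts and their subdomains count as hits, so a lookalike such as notsdfygfygu10.store does not match; the log format and the helper names (c2_hosts, match_log, hosts_by_tld) are assumptions made for the example.

```python
from urllib.parse import urlsplit

# C2 URLs copied from the extracted SmokeLoader config on this page.
C2_URLS = [
    "http://fioajfoiarjfoi1.xyz/", "http://rdukhnihioh2.xyz/",
    "http://sdfghjklemm3.xyz/", "http://eruiopijhgnn4.xyz/",
    "http://igbyugfwbwb5.xyz/", "http://shfuhfuwhhc6.xyz/",
    "http://ersyglhjkuij7.xyz/", "http://ygyguguuju8.store/",
    "http://resbkjpokfct9.store/", "http://sdfygfygu10.store/",
    "http://hbibhibihnj11.store/", "http://vfwlkjhbghg12.store/",
    "http://poiuytrcvb13.store/", "http://xsedfgtbh14.store/",
    "http://iknhyghggh15.store/", "http://wnlonevkiju16.site/",
    "http://gfyufuhhihioh17.site/", "http://nsgiuwrevi18.site/",
    "http://oiureveiuv19.site/", "http://ovrnevnriuen20.site/",
]

# Constructed log lines (not from the sandbox run): key=value fields,
# as a DNS resolver or web proxy might emit them.
SAMPLE_LOG = [
    "2024-03-27T19:50:01Z dns query=www.microsoft.com type=A client=10.0.0.12",
    "2024-03-27T19:50:03Z dns query=fioajfoiarjfoi1.xyz type=A client=10.0.0.12",
    "2024-03-27T19:50:04Z proxy src=10.0.0.12 url=http://ygyguguuju8.store/ status=200",
    "2024-03-27T19:50:09Z dns query=cdn.sdfygfygu10.store. type=A client=10.0.0.12",
    "2024-03-27T19:50:11Z dns query=notsdfygfygu10.store type=A client=10.0.0.12",
]


def c2_hosts(urls):
    """Return the set of lowercase hostnames found in the C2 URLs."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def hosts_by_tld(hosts):
    """Count C2 hosts per top-level domain; handy for sizing a TLD-level block."""
    counts = {}
    for h in hosts:
        tld = h.rsplit(".", 1)[-1]
        counts[tld] = counts.get(tld, 0) + 1
    return counts


def field_host(field):
    """Reduce a log field like 'query=host.' or 'url=http://host/x' to a bare hostname.
    Fields without a hostname come back as some non-matching string."""
    f = field.lower()
    if "=" in f:
        f = f.split("=", 1)[1]
    if "://" in f:
        f = urlsplit(f).hostname or ""
    return f.rstrip(".")


def matching_host(field, hosts):
    """Return the C2 host this field equals or is a subdomain of, else None.
    The leading dot in the suffix test is what keeps 'notsdfygfygu10.store' out."""
    f = field_host(field)
    for h in hosts:
        if f == h or f.endswith("." + h):
            return h
    return None


def match_log(lines, hosts):
    """Return (line_number, c2_host) for every log line that touches a C2 host."""
    hits = []
    for n, line in enumerate(lines, 1):
        for field in line.split():
            h = matching_host(field, hosts)
            if h:
                hits.append((n, h))
                break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    hosts = c2_hosts(C2_URLS)
    print(len(hosts), "C2 hosts by TLD:", hosts_by_tld(hosts))
    for n, h in match_log(SAMPLE_LOG, hosts):
        print(f"line {n}: {h}")
```

Feed match_log real resolver or proxy exports instead of SAMPLE_LOG to sweep for contact with this botnet's infrastructure; the suffix match is deliberate, since SmokeLoader operators register the numbered domains and can stand up arbitrary subdomains under them, while an unanchored substring test would also flag unrelated names.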

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks