Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8dec86d0a0...c0.exe

windows7-x64

10

8dec86d0a0...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59a27d0654c9e71e0c02b512d45bd6ad7190f618d31349dd7617670ce6ad446d

  • Size

    153KB

  • Sample

    240417-rhw8fsbc63

  • MD5

    b7ef6ca27740f9340b1846897fbe3168

  • SHA1

    a6a7683dec7170f2bef86a5547a6051ad48a18c1

  • SHA256

    59a27d0654c9e71e0c02b512d45bd6ad7190f618d31349dd7617670ce6ad446d

  • SHA512

    da7ee70350b86843f2517a3187187601635655f447cde78b142ab2e20db6815098aaac61ccb4c975606decb73542bb1a7bea2abb9f410fb0def5d100681de51a

  • SSDEEP

    3072:wN3y6q2OmOqbBDaS1d9EbECrv/OpdIA/NLVJ7yeRQ5:wNiIOmNDdybvrv/q/PJ7yeRm

Score
10/10
smokeloaderpub1backdoorpersistencetrojanvmprotect

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Targets

    • Target

      8dec86d0a0c4034b6d688a0610742694517e0d31939c53db11b898c0ba7315c0.exe

    • Size

      259KB

    • MD5

      117a962cde2568514649b76a004190f1

    • SHA1

      e92ab6267e005eb78bac3c13b9de881b726bc7f2

    • SHA256

      8dec86d0a0c4034b6d688a0610742694517e0d31939c53db11b898c0ba7315c0

    • SHA512

      a2eb2cd551bea8eead2cc7cf17dd91849395c475f329e9bd47ff4ebab8aff0c9a1e33921e4fc6af9ca762b6c80c48056b8991f8813b7e19a7eca4dfb0914041d

    • SSDEEP

      3072:15QiI6J/iVo/QgheGRdWfPy0R9gSMGFwLh4+giekZXfSg55xGT+yx:1gVo/Qgp+lR9g+OhlRR9qwxGT

    Score
    10/10
    smokeloaderpub1backdoorpersistencetrojanvmprotect

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks