Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
150e9ffdac7f2361c2efa735929aa268.exe
-
Size
776KB
-
Sample
240508-rz96msbf92
-
MD5
150e9ffdac7f2361c2efa735929aa268
-
SHA1
3ed43e5fb5cd202d91fe31c4a0f8674e5fdb0759
-
SHA256
d54259b35ece6e39b159317128bfd62f88abbaadd92537379c4bae078e82fe69
-
SHA512
a56ef522fab3213f2f1d5a15d92615f0a039bf8f8c113e36e38f254b6d58185e5aa0449384d15ac52f1f6ac8d07159ac05d245926fba14ac61462e0911cb39a3
-
SSDEEP
24576:pMwUwtgszGQgXxHjejMOlF3NdRruHycftxFA:pMwhd0SZlp/YtTA
Malware Config
Extracted
smokeloader
2022
http://cellc.org/tmp/index.php
http://h-c-v.ru/tmp/index.php
http://icebrasilpr.com/tmp/index.php
http://piratia-life.ru/tmp/index.php
http://piratia.su/tmp/index.php
Extracted
smokeloader
pub2
Targets
-
-
Target
150e9ffdac7f2361c2efa735929aa268.exe
-
Size
776KB
-
MD5
150e9ffdac7f2361c2efa735929aa268
-
SHA1
3ed43e5fb5cd202d91fe31c4a0f8674e5fdb0759
-
SHA256
d54259b35ece6e39b159317128bfd62f88abbaadd92537379c4bae078e82fe69
-
SHA512
a56ef522fab3213f2f1d5a15d92615f0a039bf8f8c113e36e38f254b6d58185e5aa0449384d15ac52f1f6ac8d07159ac05d245926fba14ac61462e0911cb39a3
-
SSDEEP
24576:pMwUwtgszGQgXxHjejMOlF3NdRruHycftxFA:pMwhd0SZlp/YtTA
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-