
General

  • Target

    61eb45e462738c0e3984137f0a6da5ec_JaffaCakes118

  • Size

    124KB

  • Sample

    240521-d9qyvsgg5t

  • MD5

    61eb45e462738c0e3984137f0a6da5ec

  • SHA1

    82f6201b9f0a77b4298861a1da4cce08b99afb55

  • SHA256

    64a4451cd02928f64713eda76180ed51914f03a349df777416cc1ea2dfbe1906

  • SHA512

    c43aaf6811475f46021ddbabb197c9133c442f17f71f949c1e1b34e532b0c18c9644a931fc6eb9d66e0b666794afa7cb8242c4c974552c514c80b9eb3c99b80b

  • SSDEEP

    3072:zClEDPzAWJJgekoUZXZqXVCAiM3GM+Zs:z8EDPz5LgIUZXZwEAd332

Malware Config

Extracted

Family

smokeloader

Botnet

VgU

Extracted

Family

smokeloader

Version

2018

C2

http://osetr.hk/css/

rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks