General
-
Target
asdf.rtf
-
Size
2.3MB
-
Sample
201028-svr7gh1tgj
-
MD5
c99321eebd53d1881ced20ddd1dbfda0
-
SHA1
db66a0c3cd32f56f68f9386cf017e39cce3dbe60
-
SHA256
88c9417d5fc9539878eff56ea8d6105711a383a15a1dc54b6918016f25880120
-
SHA512
2b3d20fc907302b9ea7bd893f684a12739ffd67586a649ebcff0a39619374fe0bb90ccb6cb055e1788c950ef58dc7547454cd1ad348a483b8400ab86509161bb
Malware Config
Extracted
httPs://paste.ee/r/DUMRL
httPs://paste.ee/r/wWuSK
Extracted
smokeloader
2020
https://www.bristell.com/files/index.php
Targets
-
-
Target
asdf.rtf
-
Size
2.3MB
-
MD5
c99321eebd53d1881ced20ddd1dbfda0
-
SHA1
db66a0c3cd32f56f68f9386cf017e39cce3dbe60
-
SHA256
88c9417d5fc9539878eff56ea8d6105711a383a15a1dc54b6918016f25880120
-
SHA512
2b3d20fc907302b9ea7bd893f684a12739ffd67586a649ebcff0a39619374fe0bb90ccb6cb055e1788c950ef58dc7547454cd1ad348a483b8400ab86509161bb
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-