General

  • Size

    114KB

  • Sample

    201101-6gnva6fyd2

  • MD5

    691fd7196db9cbbf6e58d4c0d656f683

  • SHA1

    a93f25ecb21cf3d52e642dae8bd4dbd1fedd92a3

  • SHA256

    519e3d720651cf323bac097f605d9e708adb32b0c9bb17be15db77f8f94c462c

  • SHA512

    8ba13a49ac46083fe6dde169caee2c9ec0da7d726c3c717f697bf09b664782a538415f20e6dd725191ed9f0781b7c88eba7c3446a3818a655112fdc3cc08aa12

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://etasuklavish.today/
    http://mragyzmachnobesdi.today/
    http://kimchinikuzims.today/
    http://slacvostinrius.today/
    http://straponuliusyn.today/
    http://grammmdinss.today/
    http://viprasputinsd.chimkent.su/
    http://lupadypa.dagestan.su/
    http://stoknolimchin.exnet.su/
    http://musaroprovadnikov.live/
    http://teemforyourexprensiti.life/
    http://stolkgolmishutich.termez.su/
    http://roompampamgandish.wtf/

  • rc4.i32
  • rc4.i32

Extracted

  • Family

    zloader

  • Botnet

    r1

  • Campaign

    r1

  • C2

    https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
    https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
    https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
    https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
    https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

  • rc4.plain
  • rsa_pubkey.plain

Targets

    • Target

      2020-11-01_21-26-29.bin

    • Size

      234KB

    • MD5

      dd22d3a34781601ebbe3020b7cd33356

    • SHA1

      567dd97232f0cf9ecec13f82ff894d9c9ee0d013

    • SHA256

      33fe9bbda8cc1dbaa70e85a203fb6a0ec2a82ce2edb0c5ac585be620e8b8a1b0

    • SHA512

      c6c4d353a76b1a0c35791c58935ec426d3d67c2133cffb5332c5ab71c5424f5ba1acf398fd210285676f5b838646192791f67a8edceddfa7e4b0722cbef39316

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation