General

  • Size

    79KB

  • Sample

    201124-8lc9zvvcgx

  • MD5

    696fb9339c2e380ea6351783726c67be

  • SHA1

    3604d9ded94ac0fbaf0ac40a69e07b36980c9715

  • SHA256

    f046de843ad1265fb180d1e6b2b8021dcbddea6b3702bbc324fe78896e0a6a4e

  • SHA512

    ba6d8874db9fad1662a1c87a41dd4f7431b7343c189c1d948eeda04e263671868cbc751d564614848842ecf754da83788daf34e280abd4c8ca62143dc61a27ea

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/

rc4.i32
rc4.i32

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      1qj5u.exe

    • Size

      112KB

    • MD5

      c989356bdc4ffc9b4752acecfddb551d

    • SHA1

      fff0e011c492e174a3175c3ddb2ee0d6ed9d7285

    • SHA256

      8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473

    • SHA512

      f51769eed207b7b0e9387c9bc13d46502f0c25086c6f1ce8d16678bbe639f06efb799959efac10aefd6d92dd08310216d2929178ebee3f2c73ecad286c89da1f

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation