onir0.bin.zip

General
Target

onir0.bin.zip

Size

79KB

Sample

201126-jh7kkmgd92

Score
10 /10
MD5

8290d6aa981621690062b2dcdc72fe1e

SHA1

1ba021fa8f6b83243b5a8fbea5e21c86a4dd1468

SHA256

604ab38ce18503e51024931890ed855923bf6dbdbfa11f5e55cec03dd274bbc9

SHA512

dc8a17b79dc15b1b1d9a3b46637a653b0d83049682bdfcca40df18f2d3e3de884fdb3d8e6641d22c6e544eeb9f8e9c6ab9f9bf5b2f772133cfaef786ae8a12ef

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/
rc4.i32
rc4.i32
Targets
Target

onir0.bin

MD5

c989356bdc4ffc9b4752acecfddb551d

Filesize

112KB

Score
10 /10
SHA1

fff0e011c492e174a3175c3ddb2ee0d6ed9d7285

SHA256

8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473

SHA512

f51769eed207b7b0e9387c9bc13d46502f0c25086c6f1ce8d16678bbe639f06efb799959efac10aefd6d92dd08310216d2929178ebee3f2c73ecad286c89da1f

Tags

Signatures

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

Related Tasks

behavioral1 behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10