General
-
Target
SecuriteInfo.com.BehavesLike.Win32.Trojan.cc.21406
-
Size
154KB
-
Sample
201228-67648v2rla
-
MD5
c15de5bd771cbdadc7870814debee5e6
-
SHA1
89dc5b908e99a6270864e2df0c72cc31fb7b05ff
-
SHA256
310966da92c632e2cb4b22c9efc1bcbffe71c54be89cdb4b2b2119611be25fd0
-
SHA512
299cac00651dfe3b73cc1554d8e8e23ff8286b17c95f46be6e59f10e4932cdcbc28790e2e8c00d43b002d8e7e251f0a9a4ce7f2cd84f186d6cdb81991f820556
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
SecuriteInfo.com.BehavesLike.Win32.Trojan.cc.21406
-
Size
154KB
-
MD5
c15de5bd771cbdadc7870814debee5e6
-
SHA1
89dc5b908e99a6270864e2df0c72cc31fb7b05ff
-
SHA256
310966da92c632e2cb4b22c9efc1bcbffe71c54be89cdb4b2b2119611be25fd0
-
SHA512
299cac00651dfe3b73cc1554d8e8e23ff8286b17c95f46be6e59f10e4932cdcbc28790e2e8c00d43b002d8e7e251f0a9a4ce7f2cd84f186d6cdb81991f820556
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-