General
-
Target
SecuriteInfo.com.BehavesLike.Win32.Trojan.cc.8474
-
Size
154KB
-
Sample
201228-9mmdqn7pcx
-
MD5
49e96bc64fd03e66168d7803136a7fea
-
SHA1
2acca9801718feacd8540987838c44c0fb874ed0
-
SHA256
1fb4559d186a1c07bc4de4617e3a7373b6e76e11135b212e7771bc8518c902ae
-
SHA512
ae4b1414824c57caf435b348f233cd54f9337292b4e730a4368ca02a00ee6ef3626ce887f3b8baec2be7bf3742c920cfe95803143443a7337a9b7596ede5228f
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
SecuriteInfo.com.BehavesLike.Win32.Trojan.cc.8474
-
Size
154KB
-
MD5
49e96bc64fd03e66168d7803136a7fea
-
SHA1
2acca9801718feacd8540987838c44c0fb874ed0
-
SHA256
1fb4559d186a1c07bc4de4617e3a7373b6e76e11135b212e7771bc8518c902ae
-
SHA512
ae4b1414824c57caf435b348f233cd54f9337292b4e730a4368ca02a00ee6ef3626ce887f3b8baec2be7bf3742c920cfe95803143443a7337a9b7596ede5228f
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-