General
-
Target
2880fd9dd6041c3fee7c65acdd6fb13f.exe
-
Size
154KB
-
Sample
201228-w9xp2qk3hs
-
MD5
2880fd9dd6041c3fee7c65acdd6fb13f
-
SHA1
e0ccb51afe383bf066bb1c5a419d7716f0fa908c
-
SHA256
6745aeb1cc8de5e42a94850247ea3d54c65865c95c2492006cf8a7b44da2a961
-
SHA512
4918cfd6bd98520b4402cb83e4c3fceea9d178ec77ffc5e76aaa8025f0326669032128becbbf21e570fec6ea3ccd1773a80f6b3f472fb884c07e46fc9c49a0d8
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
2880fd9dd6041c3fee7c65acdd6fb13f.exe
-
Size
154KB
-
MD5
2880fd9dd6041c3fee7c65acdd6fb13f
-
SHA1
e0ccb51afe383bf066bb1c5a419d7716f0fa908c
-
SHA256
6745aeb1cc8de5e42a94850247ea3d54c65865c95c2492006cf8a7b44da2a961
-
SHA512
4918cfd6bd98520b4402cb83e4c3fceea9d178ec77ffc5e76aaa8025f0326669032128becbbf21e570fec6ea3ccd1773a80f6b3f472fb884c07e46fc9c49a0d8
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-