General

  • Target

    a9010e2d9cf96d4b7a2ae5c5eb03c076.exe

  • Size

    212KB

  • Sample

    210106-5x5knfvj52

  • MD5

    a9010e2d9cf96d4b7a2ae5c5eb03c076

  • SHA1

    d81dfd909545c4f2668899a5a95b2b805b1aaf58

  • SHA256

    6aceacb6120a5a270ad7906dcedc5fcf3059323b6c2f52e5b3eb83a91630ed8f

  • SHA512

    6ba82c0c26586164f5269b28d1102fd108571a7a8d1f306143cb21e00a8e3bab97e64a8df620f8c73f13cdeef587760b40609a5914afda4480b59ab00232ed31

Malware Config

Extracted

Family

smokeloader

Version

2020

C2


rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry: T1012 (1)

Peripheral Device Discovery: T1120 (1)

System Information Discovery: T1082 (1)

Tasks