General
-
Target
file.js
-
Size
27KB
-
Sample
210121-lfzdqjht1j
-
MD5
c25cf17b8ec2aab1ae5222db7fa83368
-
SHA1
2e78dc32dbac62df2ed6223813ea91b9b2de0ff4
-
SHA256
24c7a1cec052e9f92013628100f19dd8b3f564c3bdaa2f8339a74e37146684c6
-
SHA512
44cc5dd4b69faedc7e7c265dc70fa014622754f09758a0ae519aeb5c3d4f1a4be9cf2e43ee3903d77430328ea7af04d1bce5b0329c115e01afe01010d4df1148
Malware Config
Extracted
http://citycapproperty.ru/localmod/nmode.exe
Extracted
smokeloader
2020
http://smbproperty.ru/
http://gmbshop.ru/
http://baksproperty.gov.ug/
http://magistralpsw.ru/
http://mpmanagertzz.ru/
http://powerglasspot.ru/
http://autopartswarehouses.ru/
http://memoloves.ru/
http://alfavanilin.ru/
Targets
-
-
Target
file.js
-
Size
27KB
-
MD5
c25cf17b8ec2aab1ae5222db7fa83368
-
SHA1
2e78dc32dbac62df2ed6223813ea91b9b2de0ff4
-
SHA256
24c7a1cec052e9f92013628100f19dd8b3f564c3bdaa2f8339a74e37146684c6
-
SHA512
44cc5dd4b69faedc7e7c265dc70fa014622754f09758a0ae519aeb5c3d4f1a4be9cf2e43ee3903d77430328ea7af04d1bce5b0329c115e01afe01010d4df1148
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-