25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0

General

Target 25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
Size 308KB
Sample 210305-9nj6dfky4n
Score 10/10
MD5 c067e0a2d7fc6092bb77abc7f7156b60
SHA1 52f68073caec0fd424c7cbaaed5f5221d7103d20
SHA256 25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
SHA512 685145c679413f82101c328ce4264c5f84d0347db1c5170e16d8a459b9ad12a87bf5e718e049e5c9c639e22197ee26d4aa33fac8c133b9d86772dfe1a8068dfc

Malware Config

Extracted

Family smokeloader
Version 2020
C2 http://pukupoko.top/
C2 http://halyavapridi.top/
C2 http://holofrew.me/
rc4.i32 (32-bit RC4 key; value not present on this page)
rc4.i32 (second 32-bit RC4 key; value not present on this page)
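The C2 list and the sample hashes are the directly actionable output of this report. The block below is an added example, not part of the sandbox report or of any project's code: it normalizes the three C2 hosts from the configuration above, matches them and the sample's MD5/SHA1/SHA256 against constructed proxy and endpoint log lines, and handles the cases a naive substring match gets wrong (upper case, trailing FQDN dot, explicit port, subdomains versus look-alike hosts). The log formats, IP addresses, file paths, endpoint names and every hostname other than the report's three C2 domains are assumptions made for illustration.

```python
"""IOC sweep for the SmokeLoader configuration above.

Added example for this report, not sandbox output: the C2 URLs and hashes are
copied from the report; the log lines, their formats and all other hosts,
paths and addresses are CONSTRUCTED for illustration.
"""
import re
from urllib.parse import urlsplit

# C2 URLs and hashes copied from the report.
C2_URLS = [
    "http://pukupoko.top/",
    "http://halyavapridi.top/",
    "http://holofrew.me/",
]
SAMPLE_HASHES = {
    "c067e0a2d7fc6092bb77abc7f7156b60",                                  # MD5
    "52f68073caec0fd424c7cbaaed5f5221d7103d20",                          # SHA1
    "25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0",  # SHA256
}


def normalize_host(host):
    """Lower-case, drop a trailing FQDN dot and any :port so lookups are exact."""
    host = host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


C2_HOSTS = {normalize_host(urlsplit(u).hostname) for u in C2_URLS}


def is_c2_host(host):
    """True for a C2 host itself or any subdomain of it.

    'notpukupoko.top' and 'pukupoko.top.example.net' must NOT match: only a
    label boundary ('.' + c2) counts, which is what the endswith check enforces.
    """
    h = normalize_host(host)
    return h in C2_HOSTS or any(h.endswith("." + c2) for c2 in C2_HOSTS)


# Constructed proxy log: "<timestamp> <client-ip> <method> <url> <status>".
PROXY_LOG = """\
2021-03-05T09:14:02Z 10.0.0.17 POST http://pukupoko.top/ 404
2021-03-05T09:14:05Z 10.0.0.17 POST http://HALYAVAPRIDI.TOP./ 404
2021-03-05T09:14:09Z 10.0.0.17 POST http://cdn.holofrew.me:8080/ 404
2021-03-05T09:15:00Z 10.0.0.22 GET http://notpukupoko.top/index.html 200
2021-03-05T09:15:30Z 10.0.0.22 GET http://pukupoko.top.example.net/ 200
2021-03-05T09:16:00Z 10.0.0.31 GET https://example.org/ 200
""".splitlines()

# Constructed endpoint events: "<timestamp> <endpoint> <event> image=<path> <algo>=<hash>".
EDR_EVENTS = """\
2021-03-05T09:13:58Z WS-017 process_create image=C:\\Users\\u\\AppData\\Local\\Temp\\ab12.exe sha256=25959CFE4619126AB554D3111B875218F1DBFADD79EED1ED0F6A8C1900FA36E0
2021-03-05T09:13:59Z WS-017 file_delete image=C:\\Users\\u\\Downloads\\invoice.exe sha256=0000000000000000000000000000000000000000000000000000000000000001
2021-03-05T09:14:01Z WS-022 process_create image=C:\\Windows\\explorer.exe md5=00000000000000000000000000000002
""".splitlines()

HASH_RE = re.compile(r"(?:md5|sha1|sha256)=([0-9a-fA-F]{32,128})")


def scan_proxy(lines):
    """Return (timestamp, client, host) for every request to a C2 host or subdomain."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        ts, client, _method, url = parts[:4]
        host = urlsplit(url).hostname
        if host and is_c2_host(host):
            hits.append((ts, client, normalize_host(host)))
    return hits


def scan_hashes(lines):
    """Return (timestamp, endpoint, hash) for every event carrying one of the sample's hashes."""
    hits = []
    for line in lines:
        parts = line.split()
        for m in HASH_RE.finditer(line):
            digest = m.group(1).lower()  # sensors differ in hex case; compare lower-cased
            if digest in SAMPLE_HASHES:
                hits.append((parts[0], parts[1], digest))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy(PROXY_LOG):
        print("C2 contact:", *hit)
    for hit in scan_hashes(EDR_EVENTS):
        print("Sample executed:", *hit)
```

Run as a script it prints the three C2 contacts and the one process start that matches the sample's SHA256; for a real sweep, replace the two constructed lists with file iterators. The subdomain rule is deliberately strict: `cdn.holofrew.me` matches, `notpukupoko.top` and `pukupoko.top.example.net` do not.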
Signatures

  • Detected Netwalker Ransomware

    Description

    Detected an unpacked Netwalker executable.

  • Netwalker Ransomware

    Description

    Ransomware family with multiple versions; also known as MailTo.

  • SmokeLoader

    Description

    Modular downloader and backdoor trojan, in use since at least 2014.

  • CryptOne packer

    Description

    Detects the CryptOne packer as described in the NCC Group blog post.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

Note that the extracted configuration (the C2 list above) is SmokeLoader's, while the unpacked-executable rule matched Netwalker; the report does not state which component the dropped EXE and DLL were, so indicators for both families apply to this sample.


MITRE ATT&CK Matrix

Tactic columns present in the report: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are mapped under any column on this page.