General

  • Target

    4486684e1b0197497e946a50a854ddf0.exe

  • Size

    32KB

  • Sample

    210415-ebgpqbddrx

  • MD5

    4486684e1b0197497e946a50a854ddf0

  • SHA1

    84349c8550af0b9a06142032df5925996e05f5c3

  • SHA256

    d5e3ce92c70d51c53853215bdef05db7c98b7b6bca3c75efa0172a0923b1bda0

  • SHA512

    8eadd0bc08d84e218045663f51024a7d6bfa24a4e6f4f5e39a835d1da9669dedfe49ea5aaa138c54706e697c6fbb904747ca51ce1b16eb9f34470162b7a41174

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://bristell.com/0/

rc4.i32
rc4.i32
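The extracted C2 above is the most directly actionable artifact in this report. The following is an added example, not part of the sandbox report, showing how to turn it into a proxy-log hunt: it defangs the URL for sharing and scores log lines by how closely they match the C2. The URL is the one the report extracted; the squid-style "timestamp client method url status bytes" log layout and the log lines themselves are constructed for the demo. The POST scoring rests on a fact about the family rather than on anything the report states: SmokeLoader check-ins are HTTP POSTs whose body is RC4-encrypted with the keys shown in the config.

```python
"""Hunt for SmokeLoader check-ins to the extracted C2 in web-proxy logs."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

C2_URL = "http://bristell.com/0/"  # taken from the report's extracted config

# Assumed log layout: "<timestamp> <client> <METHOD> <url> <status> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)

# Constructed sample log; only lines 2-4 touch the C2 host.
SAMPLE_LOG = """\
2021-04-15T14:02:11Z 10.0.4.23 GET http://www.example.org/index.html 200 5120
2021-04-15T14:02:40Z 10.0.4.23 POST http://bristell.com/0/ 200 312
2021-04-15T14:03:05Z 10.0.4.51 GET http://bristell.com/images/logo.png 404 0
2021-04-15T14:03:20Z 10.0.4.23 POST http://BRISTELL.com/0/ 200 298
this line is not a log record
""".splitlines()


def defang(url: str) -> str:
    """Render an IOC so it cannot be clicked or auto-linked (hxxp, [.])."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


@dataclass
class Hit:
    line_no: int
    client: str
    method: str
    url: str
    reason: str


def c2_match(method: str, url: str) -> Optional[str]:
    """Explain why (method, url) looks like traffic to the extracted C2, or None.

    Host comparison is case-insensitive (urlsplit lowercases .hostname).
    An exact host+path match is high confidence when it is a POST, since the
    family's check-ins are POSTs; any other request to the host is only a
    low-confidence lead worth pivoting on.
    """
    target = urlsplit(C2_URL)
    parts = urlsplit(url)
    if (parts.hostname or "") != target.hostname:
        return None
    if parts.path == target.path:
        if method == "POST":
            return "high: POST to extracted C2 URL"
        return "medium: request to extracted C2 URL"
    return "low: request to C2 host"


def hunt(lines: List[str]) -> List[Hit]:
    """Run c2_match over parsable log lines; unparsable lines are skipped."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = c2_match(m["method"], m["url"])
        if reason:
            hits.append(Hit(n, m["client"], m["method"], m["url"], reason))
    return hits


if __name__ == "__main__":
    print("IOC:", defang(C2_URL))
    for h in hunt(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} {h.method} {defang(h.url)} [{h.reason}]")
```

Because the C2 is a plain HTTP URL with a one-character path, matching on host alone will also catch any benign traffic to the domain, which is why the example keeps host-only matches as low-confidence leads rather than alerts.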

Targets

    • Target

      4486684e1b0197497e946a50a854ddf0.exe

    • Size

      32KB

    • MD5

      4486684e1b0197497e946a50a854ddf0

    • SHA1

      84349c8550af0b9a06142032df5925996e05f5c3

    • SHA256

      d5e3ce92c70d51c53853215bdef05db7c98b7b6bca3c75efa0172a0923b1bda0

    • SHA512

      8eadd0bc08d84e218045663f51024a7d6bfa24a4e6f4f5e39a835d1da9669dedfe49ea5aaa138c54706e697c6fbb904747ca51ce1b16eb9f34470162b7a41174

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Reads disk and drive identifiers from the registry. Malware commonly does this to detect sandbox or virtual-machine environments, since the device names usually carry the hypervisor vendor's string.
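To make the signature above concrete, here is an added example (not code from the report or from the sample) that reproduces the check a loader performs on this data. It is assumed that the signature refers to the per-disk device identifiers stored under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum (the report does not name the key), and the SAMPLE_ENUM values are constructed to mimic that key's layout, one of them carrying a VirtualBox marker. On Windows the live key can be read with the helper at the bottom; everywhere else the pure functions run against the sample.

```python
"""Registry-based drive enumeration as used for sandbox/VM detection."""
import sys
from typing import Dict, List, Optional, Tuple

# Assumed to be the key behind the "Maps connected drives" signature.
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"

# Vendor strings that commonly appear in device IDs of virtual disks.
HYPERVISOR_MARKERS = ("vbox", "vmware", "virtual", "qemu", "xen", "hyper-v")

# Constructed sample mimicking the Enum key: a "Count" DWORD plus one
# string value per disk, named "0", "1", ... Disk 0 is a VirtualBox disk.
SAMPLE_ENUM: Dict[str, object] = {
    "Count": 2,
    "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1c1b7b27&0&0.0.0",
    "1": r"SCSI\Disk&Ven_WDC&Prod_WD10EZEX-08WN4A0\4&2b2b5c5&0&000000",
}


def disk_ids_from_enum(values: Dict[str, object]) -> List[str]:
    """Return the device ID strings in index order, as a loader would walk them."""
    count = int(values.get("Count", 0))
    return [str(values[str(i)]) for i in range(count) if str(i) in values]


def hypervisor_markers(device_id: str) -> List[str]:
    """List every hypervisor marker found in a device ID (case-insensitive)."""
    low = device_id.lower()
    return [m for m in HYPERVISOR_MARKERS if m in low]


def looks_sandboxed(values: Dict[str, object]) -> Tuple[bool, Optional[str], List[str]]:
    """(flag, offending device ID, markers) for the first virtual disk found.

    This is the decision the malware makes; a defender reads it the other way
    round: a freshly started process querying this key is the signal.
    """
    for dev in disk_ids_from_enum(values):
        hits = hypervisor_markers(dev)
        if hits:
            return True, dev, hits
    return False, None, []


def read_live_enum() -> Optional[Dict[str, object]]:
    """Read the real key on Windows; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows

    out: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, DISK_ENUM_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:  # no more values
                break
            out[name] = value
            index += 1
    return out


if __name__ == "__main__":
    data = read_live_enum() or SAMPLE_ENUM
    flagged, dev, hits = looks_sandboxed(data)
    print("sandbox/VM markers found:" if flagged else "no markers found", dev, hits)
```

Hardened sandboxes rewrite these device names to look like physical hardware, so a clean result from this check does not prove a bare-metal host; the durable indicator is the behaviour the sandbox recorded, a query of disk information shortly after start by a process with no reason to care about it.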

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                      Count  ID
Discovery   Query Registry                 1      T1012
Discovery   Peripheral Device Discovery    1      T1120
Discovery   System Information Discovery   1      T1082
