General

  • Target

    pax. ü 00163-2021.js

  • Size

    66KB

  • Sample

    210420-p2b3waqmpe

  • MD5

    0819eda4c8a833cb2ffd5c4f2a297fdc

  • SHA1

    8b64c307ac3ae0e55ebc879528188257f16d2c80

  • SHA256

    caabe0aa3bf3d3ffb2e90fde81869aeed004bf6f9f5182e43069e648f44df4a0

  • SHA512

    270c3dec904d5f8eb1bbaeb9b5c497076953f39e154adf24daf18f36095bd3d59056717ee7e5dab2d0b10dbe67ddcec6db7a0e6357720ce3f1100652e3db5866

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://smbproperty.ru/

http://gmbshop.ru/

http://baksproperty.gov.ug/

http://magistralpsw.ru/

http://mpmanagertzz.ru/

http://powerglasspot.ru/

http://autopartswarehouses.ru/

http://memoloves.ru/

http://alfavanilin.ru/

rc4.i32
rc4.i32

Targets

    • Target

      pax. ü 00163-2021.js

    • Size

      66KB

    • MD5

      0819eda4c8a833cb2ffd5c4f2a297fdc

    • SHA1

      8b64c307ac3ae0e55ebc879528188257f16d2c80

    • SHA256

      caabe0aa3bf3d3ffb2e90fde81869aeed004bf6f9f5182e43069e648f44df4a0

    • SHA512

      270c3dec904d5f8eb1bbaeb9b5c497076953f39e154adf24daf18f36095bd3d59056717ee7e5dab2d0b10dbe67ddcec6db7a0e6357720ce3f1100652e3db5866

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Tasks