3a7ac1ac60baac512bf45e412aacb90c

General

Target: 3a7ac1ac60baac512bf45e412aacb90c
Size: 311KB
Sample: 211014-fqvh2sgcb3
Score: 10/10
MD5: 3a7ac1ac60baac512bf45e412aacb90c
SHA1: d579493a2190a8f6f44a9094148a494c5368cdc7
SHA256: 5c88ec7f348d5b457a2f155bbd9b0353c1cb840e0e971013c0ebc58aaee3b715
SHA512: 08c3a3861a092eb7e39f6aa7255b36e2bf54b1f7a15b7fb76ac5f94269e7879e3a27187af2ee11f7215f5796e35ecd9146d04744ab4a4e01fb29a137589963b9

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  • http://linavanandr11.club/
  • http://iselaharty12.club/
  • http://giovaninardo13.club/
  • http://zayneliann14.club/
  • http://zorinosali15.club/
rc4.i32
Targets
Signatures

  • SmokeLoader
    Description: Modular backdoor trojan in use since 2014.
  • Deletes itself
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection · Command and Control · Credential Access · Defense Evasion · Execution · Exfiltration · Impact · Initial Access · Lateral Movement · Persistence · Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10