a42ab3b5e85fea811bdbc04406e1d96e7752da8a712887b694f89f2a2a9ddd2e

General

Target: a42ab3b5e85fea811bdbc04406e1d96e7752da8a712887b694f89f2a2a9ddd2e
Size: 215KB
Sample: 211014-gay2zagbej
Score: 10/10
MD5: 39f5e1067869ba2b940eebcfa9bdffdf
SHA1: a456e2d7fee50a0f2b26626ffdd41a36d8232327
SHA256: a42ab3b5e85fea811bdbc04406e1d96e7752da8a712887b694f89f2a2a9ddd2e
SHA512: b791c409051a71588135d75e36bb55c254a50b4b2a6ea24400d1cd45ffef565ee5e7c36e7aab8b02bd971b5b51f13ded17518ddf4601bed43a02179a858431ff

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  http://honawey7.xyz/
  http://wijibui0.xyz/
  http://hefahei6.xyz/
  http://pipevai4.xyz/
  http://nalirou7.xyz/
  http://xacokuo8.xyz/
  http://hajezey1.xyz/
  http://gejajoo7.xyz/
  http://sysaheu9.xyz/
  http://rixoxeu9.xyz/
rc4.i32
rc4.i32
Targets

Target: a42ab3b5e85fea811bdbc04406e1d96e7752da8a712887b694f89f2a2a9ddd2e

Signatures

  • SmokeLoader
    Description: Modular backdoor trojan in use since 2014.

  • Deletes itself

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1
10/10