0187bdd84091d29b6ef0dd0ad8bebe7139f7207ec546e04e0ba5baa30b001b58

General
Target

0187bdd84091d29b6ef0dd0ad8bebe7139f7207ec546e04e0ba5baa30b001b58

Size

296KB

Sample

211125-t2f2pafgdq

Score
10 /10
MD5

f0d7c89d9d2573a806332d24d9650164

SHA1

2aea6817194d84b9f9e44f73d748c1e0d9431851

SHA256

0187bdd84091d29b6ef0dd0ad8bebe7139f7207ec546e04e0ba5baa30b001b58

SHA512

3b9a1c860797d102aee75c633190e5f6d43239574d4fab1ecc9138f3d1b59129f97796d2889bc7709962320eec792aa2404d98d48d8e1321ebe85134a2951556

Malware Config

Extracted

Family smokeloader
Version 2020
C2

rc4.i32
Targets

Signatures

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

  • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

  • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service

  • Deletes itself

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation