2207c55000374d4f885c8d58b026191dce53e71e57ffad5aa0ead6df135691b8

General

Target: 2207c55000374d4f885c8d58b026191dce53e71e57ffad5aa0ead6df135691b8
Size: 296KB
Sample: 211125-tvnsysbba2
Score: 10/10
MD5: 4e041b209616fa86b0920c6b5d8198ab
SHA1: cc875a81da6864681c662bd3284fda36116d95e4
SHA256: 2207c55000374d4f885c8d58b026191dce53e71e57ffad5aa0ead6df135691b8
SHA512: 9273eef266aab14c5cd75e18769fbc2be30e83dc6edda276953646b90da7d9cb7de9d21e7c36e022fd18a1779153d1aa89a1e173cb6dea12fa41e3611cf347e7

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  https://cinems.club/search.php
  https://clothes.surf/search.php
rc4.i32
rc4.i32
Targets

Target: 2207c55000374d4f885c8d58b026191dce53e71e57ffad5aa0ead6df135691b8

Signatures

  • SmokeLoader
    Description: Modular backdoor trojan in use since 2014.

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

  • Deletes itself

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1