General
-
Target
29dec069a17533ba6989b3fcdd3c4281ef378a38c236fe73af0438062539dbaf
-
Size
315KB
-
Sample
220125-gbz1nahfcj
-
MD5
98efd4e5d64472c1f719803c5d6c1cd9
-
SHA1
f04b6a58f029068b3006dd022e389656e2e6aeeb
-
SHA256
29dec069a17533ba6989b3fcdd3c4281ef378a38c236fe73af0438062539dbaf
-
SHA512
c148663797fcc8b0f9c3315831f80478fb1ba99e80da2ef8ae75cc12a1d226f7086203ba8a8da6ff8f81cb7ceab16fea94a86d2f7fcad9ab6101331d8f10d605
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
29dec069a17533ba6989b3fcdd3c4281ef378a38c236fe73af0438062539dbaf
-
Size
315KB
-
MD5
98efd4e5d64472c1f719803c5d6c1cd9
-
SHA1
f04b6a58f029068b3006dd022e389656e2e6aeeb
-
SHA256
29dec069a17533ba6989b3fcdd3c4281ef378a38c236fe73af0438062539dbaf
-
SHA512
c148663797fcc8b0f9c3315831f80478fb1ba99e80da2ef8ae75cc12a1d226f7086203ba8a8da6ff8f81cb7ceab16fea94a86d2f7fcad9ab6101331d8f10d605
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-