General
-
Target
935e4f59e41c85ef964a94003789294eefa3ff6c37ea7ec7800cec0bc05b0992
-
Size
316KB
-
Sample
220125-h9s6fabbaj
-
MD5
6b073413759ec06487cf3482c9b87b1b
-
SHA1
ed417849fa89d36232617aff2c12c5748ebf3a4b
-
SHA256
935e4f59e41c85ef964a94003789294eefa3ff6c37ea7ec7800cec0bc05b0992
-
SHA512
f64f666c365720a00886b339b99c764e49b19e131dc2a1ca288aa977cb37040f2217df35077d4a378df436d577af7ba833e020e9d59c620f35016702298e4b80
Static task
static1
Behavioral task
behavioral1
Sample
935e4f59e41c85ef964a94003789294eefa3ff6c37ea7ec7800cec0bc05b0992.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
Targets
-
-
Target
935e4f59e41c85ef964a94003789294eefa3ff6c37ea7ec7800cec0bc05b0992
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets service image path in registry
-