General
-
Target
cf9d2a1e77247986e1879c701c9e12347fda167fd26ce3bf32df8f4c4eb0594b
-
Size
316KB
-
Sample
220125-jwjwaabga9
-
MD5
469e391a2cade8cac9a0ca180ee3c51d
-
SHA1
06e2492ffe14cbc47a85d112e556d32403c7c53b
-
SHA256
cf9d2a1e77247986e1879c701c9e12347fda167fd26ce3bf32df8f4c4eb0594b
-
SHA512
c5f9e9a878b186fafe9da4390c1164186bf0c6de534345ef4bddcdbd3638e30e15af5599d632c03fa0c24d56484520f3b057b73903c23953732f99e323ec788f
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
cf9d2a1e77247986e1879c701c9e12347fda167fd26ce3bf32df8f4c4eb0594b
-
Size
316KB
-
MD5
469e391a2cade8cac9a0ca180ee3c51d
-
SHA1
06e2492ffe14cbc47a85d112e556d32403c7c53b
-
SHA256
cf9d2a1e77247986e1879c701c9e12347fda167fd26ce3bf32df8f4c4eb0594b
-
SHA512
c5f9e9a878b186fafe9da4390c1164186bf0c6de534345ef4bddcdbd3638e30e15af5599d632c03fa0c24d56484520f3b057b73903c23953732f99e323ec788f
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-