General
-
Target
dd3720789e178c7c7eacf0e52579750c857d8b5b5280d9efb919270d45839e1b
-
Size
316KB
-
Sample
220125-l69wkadgan
-
MD5
4d4ea19eb08d29421236a68b7d83e6c8
-
SHA1
7666efddd5ebd9ed827d7ea677d4df7a7bdcfc3f
-
SHA256
dd3720789e178c7c7eacf0e52579750c857d8b5b5280d9efb919270d45839e1b
-
SHA512
fdcbf3ebaf9d4a5c8420ed9fb101795665302c76cbfc50681cebd349f58ceb37cf1063ce5edc6a1bcb26497c4569a373607fec5d05978d0483a1a42b3d028b06
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
dd3720789e178c7c7eacf0e52579750c857d8b5b5280d9efb919270d45839e1b
-
Size
316KB
-
MD5
4d4ea19eb08d29421236a68b7d83e6c8
-
SHA1
7666efddd5ebd9ed827d7ea677d4df7a7bdcfc3f
-
SHA256
dd3720789e178c7c7eacf0e52579750c857d8b5b5280d9efb919270d45839e1b
-
SHA512
fdcbf3ebaf9d4a5c8420ed9fb101795665302c76cbfc50681cebd349f58ceb37cf1063ce5edc6a1bcb26497c4569a373607fec5d05978d0483a1a42b3d028b06
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-