General
-
Target
5835ff513501ee48af498acf0e9064a3dce0c8c10b6d5d0a9ea033c4d1fb5a08
-
Size
317KB
-
Sample
220125-mxcp5sedak
-
MD5
1b653eaf0bef2b7f77bf21d785aeeda4
-
SHA1
99b53f23966faf6328ea00945eb0919d4379bafc
-
SHA256
5835ff513501ee48af498acf0e9064a3dce0c8c10b6d5d0a9ea033c4d1fb5a08
-
SHA512
bc3e2a262201010b7539101ba86e30036036a4d1df97eea8af26ce38e78170a411a11cd56ac599ce002956440586639cf65af947eadfbc7983657cd85b0c139d
Malware Config
Extracted
smokeloader
2020
http://abpa.at/upload/
http://emaratghajari.com/upload/
http://d7qw.cn/upload/
http://alumik-group.ru/upload/
http://zamkikurgan.ru/upload/
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
5835ff513501ee48af498acf0e9064a3dce0c8c10b6d5d0a9ea033c4d1fb5a08
-
Size
317KB
-
MD5
1b653eaf0bef2b7f77bf21d785aeeda4
-
SHA1
99b53f23966faf6328ea00945eb0919d4379bafc
-
SHA256
5835ff513501ee48af498acf0e9064a3dce0c8c10b6d5d0a9ea033c4d1fb5a08
-
SHA512
bc3e2a262201010b7539101ba86e30036036a4d1df97eea8af26ce38e78170a411a11cd56ac599ce002956440586639cf65af947eadfbc7983657cd85b0c139d
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-