General
Target: d01bc9755704b973d76010375c96d4de026ac25a8ca4ae8792a05733ade07bdb
Size: 317KB
Sample: 220125-qwbm8sgefm
MD5: 0ef345cb01c76b5c447e54de6cbc8f53
SHA1: 82751eec5c8a990d6d4f4de2b1ff0084ab2ef832
SHA256: d01bc9755704b973d76010375c96d4de026ac25a8ca4ae8792a05733ade07bdb
SHA512: 12e9f3e7ed50dfe41721bd66ac1fb221715fb1517e6757e272f4a793f8e13569fa7758fb3f736c5002ef0471999d952147e5ce120a07e3fadd17f375f5e8f5f4
Static task: static1
Behavioral task: behavioral1
Sample: d01bc9755704b973d76010375c96d4de026ac25a8ca4ae8792a05733ade07bdb.exe
Resource: win10-en-20211208
Malware Config
Extracted
smokeloader
2020
Targets
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
Deletes itself
Accesses Microsoft Outlook profiles