General
-
Target
42e38af11a40afb62d84ea7a6f1be3e0b7660fcdf56ba047d990847696286008
-
Size
316KB
-
Sample
220125-zmq61aeefm
-
MD5
144f3b39f333e19e50d9b1fdd79ccc69
-
SHA1
0be1677f2d5b95b87588563d87a8a7b31aaf9e9e
-
SHA256
42e38af11a40afb62d84ea7a6f1be3e0b7660fcdf56ba047d990847696286008
-
SHA512
da2a721d78a86c371434bb42565e55a79bd542c14357ec9315af9c694e23180ccefb890b9ca451a64edc6fd924d87877d74982b6b2fdfe749e3878bc02b417c1
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
42e38af11a40afb62d84ea7a6f1be3e0b7660fcdf56ba047d990847696286008
-
Size
316KB
-
MD5
144f3b39f333e19e50d9b1fdd79ccc69
-
SHA1
0be1677f2d5b95b87588563d87a8a7b31aaf9e9e
-
SHA256
42e38af11a40afb62d84ea7a6f1be3e0b7660fcdf56ba047d990847696286008
-
SHA512
da2a721d78a86c371434bb42565e55a79bd542c14357ec9315af9c694e23180ccefb890b9ca451a64edc6fd924d87877d74982b6b2fdfe749e3878bc02b417c1
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-