General

  • Target

    9ffb9893be116d0f629ed1df9a842600ac186839a75d200a56b3171150278f1a

  • Size

    333KB

  • Sample

    220126-ayl9raaggm

  • MD5

    dd3f8b4b7cb85319017857db47816c5d

  • SHA1

    7ec8db38063c3f5e2e3091308f07a17ffce6ce1f

  • SHA256

    9ffb9893be116d0f629ed1df9a842600ac186839a75d200a56b3171150278f1a

  • SHA512

    1107d298618d8821aadae110dc187ebec8177dedfe750c597179e6d9ef7f24e626aba80495be50b00cc08cf939ca9569a6c814f67b6ad7e9337a2fad38f7eae6

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32
rc4.i32

Targets

    • Target

      9ffb9893be116d0f629ed1df9a842600ac186839a75d200a56b3171150278f1a

    • Size

      333KB

    • MD5

      dd3f8b4b7cb85319017857db47816c5d

    • SHA1

      7ec8db38063c3f5e2e3091308f07a17ffce6ce1f

    • SHA256

      9ffb9893be116d0f629ed1df9a842600ac186839a75d200a56b3171150278f1a

    • SHA512

      1107d298618d8821aadae110dc187ebec8177dedfe750c597179e6d9ef7f24e626aba80495be50b00cc08cf939ca9569a6c814f67b6ad7e9337a2fad38f7eae6

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks