General
-
Target
ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422
-
Size
334KB
-
Sample
220126-n8gnxache9
-
MD5
a7055a234da95ac729201f384482b135
-
SHA1
c0c843d8a1f05265e846db8ad67a6417c11f73dc
-
SHA256
ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422
-
SHA512
b97a4167afedc3aef605155f8d30acdb1bbf41ec0d926de895e6f60655b273d6ee2ea596bf01ad39c376375b99e35c1b3be475d4faa7fe37e20a01ad5619f437
Malware Config
Extracted
smokeloader
2020
http://abpa.at/upload/
http://emaratghajari.com/upload/
http://d7qw.cn/upload/
http://alumik-group.ru/upload/
http://zamkikurgan.ru/upload/
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422
-
Size
334KB
-
MD5
a7055a234da95ac729201f384482b135
-
SHA1
c0c843d8a1f05265e846db8ad67a6417c11f73dc
-
SHA256
ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422
-
SHA512
b97a4167afedc3aef605155f8d30acdb1bbf41ec0d926de895e6f60655b273d6ee2ea596bf01ad39c376375b99e35c1b3be475d4faa7fe37e20a01ad5619f437
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-