General
Target: d377be4d6a905ccc1ecb50e53bafd15a3b2fe97e9b3ccae7a8af3041542d209b
Size: 241KB
Sample: 220127-azqcsschfk
MD5: 22deeb82aae1895de080024dc9d2c06e
SHA1: 5b8cf555b64b2cc43b4984b162974745e6b71e10
SHA256: d377be4d6a905ccc1ecb50e53bafd15a3b2fe97e9b3ccae7a8af3041542d209b
SHA512: 6eb2edb06ee73b2a78471e738c2fdbc3b788eaa893801600127d6468a3cbc8059683fd9d3b98650551f1d53e9700e05324d72be01bd9be0d17caf009b1844df7
Static task: static1
Behavioral task: behavioral1
Sample: d377be4d6a905ccc1ecb50e53bafd15a3b2fe97e9b3ccae7a8af3041542d209b.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry