General
-
Target
6f1a8ee627ec2ed7e1d818d32a34a163416938eb13a97783a71f9b79843a80a2
-
Size
3.2MB
-
Sample
220128-y5bnlacfdm
-
MD5
f2c77a9133ba9d576b84605e480eb5b4
-
SHA1
d8e22eeb5cd9e204905580a3d5d3ebc0afd0202a
-
SHA256
6f1a8ee627ec2ed7e1d818d32a34a163416938eb13a97783a71f9b79843a80a2
-
SHA512
6f1259012decc3796cf9b62950e4b928b08861120b711595f06c2510cdafb93ff478f25cb2eb29c0679cfdd84d0b325e24fb3739b499401e3cc3468984ecff1e
Malware Config
Extracted
smokeloader
2019
http://topdalescotty.top/xsmkld/index.php
http://billyjimmyer.top/xsmkld/index.php
http://angelmariotti.xyz/xsmkld/index.php
http://tommyhalfigero.top/xsmkld/index.php
http://dannysannyer.top/xsmkld/index.php
Targets
-
-
Target
6f1a8ee627ec2ed7e1d818d32a34a163416938eb13a97783a71f9b79843a80a2
-
Size
3.2MB
-
MD5
f2c77a9133ba9d576b84605e480eb5b4
-
SHA1
d8e22eeb5cd9e204905580a3d5d3ebc0afd0202a
-
SHA256
6f1a8ee627ec2ed7e1d818d32a34a163416938eb13a97783a71f9b79843a80a2
-
SHA512
6f1259012decc3796cf9b62950e4b928b08861120b711595f06c2510cdafb93ff478f25cb2eb29c0679cfdd84d0b325e24fb3739b499401e3cc3468984ecff1e
Score10/10-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-