General
-
Target
071316d2db6746e3b026add63d4ba5993092218d9f4a101fde5b7c361a715616
-
Size
316KB
-
Sample
220129-amsmdshafr
-
MD5
0d0b0dbf2329b5524a15537186c77d9b
-
SHA1
eba3c6059c29912c41d821aa6599a11577355051
-
SHA256
071316d2db6746e3b026add63d4ba5993092218d9f4a101fde5b7c361a715616
-
SHA512
477d2476f2d8b94cbb3759eebea6fb0287e9ee553c61ec821e791e08b611b8169f537da2edbdd34a3ea7b669da8670fa6682d6a80b55b623d39b43f862f0a28e
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
071316d2db6746e3b026add63d4ba5993092218d9f4a101fde5b7c361a715616
-
Size
316KB
-
MD5
0d0b0dbf2329b5524a15537186c77d9b
-
SHA1
eba3c6059c29912c41d821aa6599a11577355051
-
SHA256
071316d2db6746e3b026add63d4ba5993092218d9f4a101fde5b7c361a715616
-
SHA512
477d2476f2d8b94cbb3759eebea6fb0287e9ee553c61ec821e791e08b611b8169f537da2edbdd34a3ea7b669da8670fa6682d6a80b55b623d39b43f862f0a28e
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-