9af532248c2db561580f9a451a072a9863d03650924e83c1451bb3d4471ad97b

General
Target

9af532248c2db561580f9a451a072a9863d03650924e83c1451bb3d4471ad97b

Size

87KB

Sample

220520-hvy35sfaa8

Score
10/10
MD5

79c2c4246b1db86c53592afcf57a6ce4

SHA1

f37eb98147abae0a8fa5d27d9f0d43b276ebda84

SHA256

9af532248c2db561580f9a451a072a9863d03650924e83c1451bb3d4471ad97b

SHA512

6dafe326c3251aef997d39ca2c4dd2c4abfc05ff13b3a86e852d3267f1275167eebdda9c3a1779602a053ddaa3e8f044bbcadacf382547fec1d21d87b198809d

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://lendojekam.xyz/index.php

http://lpequdeliren.fun/index.php

http://lgrarcosbann.club/index.php

http://flablenitev.site/index.php

rc4.i32
Signatures

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

  • CryptOne packer

    Description

    Detects CryptOne packer defined in NCC blogpost.

  • Executes dropped EXE

  • Loads dropped DLL
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.