General
-
Target
8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875
-
Size
304KB
-
Sample
220521-emzsxshed5
-
MD5
3389771eff608690e050c776301d665e
-
SHA1
01576a97bad2bcac37d82b7841a3b605d696ac1e
-
SHA256
8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875
-
SHA512
b6714d49081f0acf659d4ee1648f38b4cab8c0efd4ce9bed459533ad29078bc07f1999daa8731a2bd87182871fe1b31fa2230290b8d083b729fad70522c0ef27
Malware Config
Extracted
smokeloader
2020
https://ny-city-mall.com/search.php
https://fresh-cars.net/search.php
Targets
-
-
Target
8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875
-
Size
304KB
-
MD5
3389771eff608690e050c776301d665e
-
SHA1
01576a97bad2bcac37d82b7841a3b605d696ac1e
-
SHA256
8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875
-
SHA512
b6714d49081f0acf659d4ee1648f38b4cab8c0efd4ce9bed459533ad29078bc07f1999daa8731a2bd87182871fe1b31fa2230290b8d083b729fad70522c0ef27
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-