629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9

General

Target: 629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
Size: 304KB
Sample: 220521-t91q3adeak
Score: 10/10
MD5: bf2ecf39567f1fff298c49881148a3b8
SHA1: 2b41022b6b9b7cb5d77951dab3c023fb8c7cf809
SHA256: 629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
SHA512: bfbb7f24ccd352b9b89d383e0aa91c7ddaa9bb24ffb160a9f2e29f14a8686db0e1efd7e8129a75ccc6f330eae955c28d8d5513227a1ba58a2eec83fba4d9be31

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  https://ny-city-mall.com/search.php
  https://fresh-cars.net/search.php
rc4.i32
rc4.i32
Targets

Target: 629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
Filesize: 304KB
Score: 10/10
MD5: bf2ecf39567f1fff298c49881148a3b8
SHA1: 2b41022b6b9b7cb5d77951dab3c023fb8c7cf809
SHA256: 629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
SHA512: bfbb7f24ccd352b9b89d383e0aa91c7ddaa9bb24ffb160a9f2e29f14a8686db0e1efd7e8129a75ccc6f330eae955c28d8d5513227a1ba58a2eec83fba4d9be31
Signatures

  • SmokeLoader
    Description: Modular backdoor trojan in use since 2014.

  • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

  • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

  • Modifies Windows Firewall
    TTPs: Modify Existing Service
Related Tasks

MITRE ATT&CK Matrix
  Tactic columns rendered (column headers only, no technique cells on this page): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

  static1