256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135

General
Target

256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135

Size

304KB

Sample

220521-tgbw8saae5

Score
10 /10
MD5

cfbe64a303fb6e0000c7859bfb13a1a2

SHA1

a6b85217a3bd9ef76f1235a9ab92384b96b7fede

SHA256

256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135

SHA512

c411656d43d9b709db77c153da224e2930d26200dc081082d0a4beb0be23b6e63c9e747ec3d650cd670f72c08d79ba40d49c9091344e305a01657916109284b1

Malware Config

Extracted

Family smokeloader
Version 2020
C2

https://ny-city-mall.com/search.php

https://fresh-cars.net/search.php

rc4.i32
rc4.i32
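
The extracted config above gives two C2 URLs and a full hash set for the sample. The Python below is an added example, not part of the sandbox report: it copies those indicators into hunting logic that (a) matches proxy log lines against the C2 hosts and paths, reporting exact C2 URL hits separately from other requests to the same hosts, and (b) confirms that a file pulled from quarantine is this exact sample by comparing its digests with the report. The proxy log format and the log lines are constructed for illustration; only the URLs and hashes come from the report.

```python
"""
Hunting with the extracted SmokeLoader config above. Added example, not part
of the sandbox report: the C2 URLs and hashes are copied from the report, the
proxy log format and log lines are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
C2_URLS = [
    "https://ny-city-mall.com/search.php",
    "https://fresh-cars.net/search.php",
]
SAMPLE_HASHES = {
    "md5": "cfbe64a303fb6e0000c7859bfb13a1a2",
    "sha1": "a6b85217a3bd9ef76f1235a9ab92384b96b7fede",
    "sha256": "256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135",
    "sha512": "c411656d43d9b709db77c153da224e2930d26200dc081082d0a4beb0be23b6e6"
              "3c9e747ec3d650cd670f72c08d79ba40d49c9091344e305a01657916109284b1",
}


def c2_indicators(urls):
    """Reduce each C2 URL to (host, path). Matching on host and path rather
    than the literal URL survives scheme or port changes and query strings."""
    return {(urlsplit(u).hostname.lower(), urlsplit(u).path or "/") for u in urls}


# Assumed proxy log format: "<ts> <client_ip> <METHOD> <host[:port]><path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>[^/\s]+)(?P<path>/\S*) (?P<status>\d{3})$"
)


def match_proxy_logs(lines, urls=C2_URLS):
    """Return (client, host, path, verdict) for lines touching the C2 set.
    'exact_c2' means host and path both match; 'c2_host' flags any other
    request to a C2 host, which still deserves a look. Malformed lines are
    skipped rather than raising."""
    indicators = c2_indicators(urls)
    c2_hosts = {host for host, _ in indicators}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        host = m.group("host").rsplit(":", 1)[0].lower()   # drop :port (IPv6 literals not handled)
        path = m.group("path").split("?", 1)[0]            # drop query string
        if (host, path) in indicators:
            hits.append((m.group("src"), host, path, "exact_c2"))
        elif host in c2_hosts:
            hits.append((m.group("src"), host, path, "c2_host"))
    return hits


def verify_sample(data, expected=SAMPLE_HASHES):
    """Names of the algorithms whose digest of `data` equals the report's
    value, so a quarantined file can be confirmed as this exact sample."""
    return {alg for alg, digest in expected.items()
            if hashlib.new(alg, data).hexdigest() == digest}


# Constructed proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2022-05-21T10:00:01Z 10.0.0.5 POST ny-city-mall.com/search.php 200",
    "2022-05-21T10:00:02Z 10.0.0.5 GET www.example.com/index.html 200",
    "2022-05-21T10:00:03Z 10.0.0.7 POST fresh-cars.net:443/search.php?x=1 404",
    "2022-05-21T10:00:04Z 10.0.0.9 GET fresh-cars.net/images/logo.png 200",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    for hit in match_proxy_logs(SAMPLE_LOG):
        print(hit)
    # To confirm a quarantined file is this sample:
    # print(verify_sample(open("quarantined.bin", "rb").read()))
```

Matching on host plus path rather than the full URL is deliberate: the extracted value says `https://` and no port, but the same host seen over plain HTTP, on a non-default port, or with a query string appended is still the same infrastructure, and the `c2_host` verdict keeps those in view.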
Targets
Target

256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135

MD5

cfbe64a303fb6e0000c7859bfb13a1a2

Filesize

304KB

Score
10/10
SHA1

a6b85217a3bd9ef76f1235a9ab92384b96b7fede

SHA256

256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135

SHA512

c411656d43d9b709db77c153da224e2930d26200dc081082d0a4beb0be23b6e63c9e747ec3d650cd670f72c08d79ba40d49c9091344e305a01657916109284b1

Tags

Signatures

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

    Description

    suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

    Tags

  • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

    Description

    suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

    Tags

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Deletes itself

  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
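
The two Suricata alerts above fire on the output of the Windows `dir` and `route` commands leaving the host, which is what a loader does when it reports a fresh victim's environment back to its C2. The following Python is an added example, not the Emerging Threats rule text and not part of the sandbox report: it reimplements that idea as a content detector over outbound HTTP request bodies, using banner strings those two commands always print (my own choice of markers) and requiring at least two distinct markers before alerting so that a lone `<DIR>` in a web form does not fire. The HTTP requests are constructed; the hostnames in them are the report's C2 hosts.

```python
"""
Payload-content detection in the spirit of the two Suricata alerts above
(output of `dir` and `route` leaving the host). Added example, not the
Emerging Threats rule text and not part of the sandbox report: the marker
strings are my own choice, taken from the fixed banner text those commands
print, and the HTTP requests below are constructed.
"""

# Banner fragments the commands emit irrespective of file names or addresses.
MARKERS = {
    "dir": [b" Volume in drive ", b" Directory of ", b"<DIR>", b"File(s)", b"bytes free"],
    "route": [b"Interface List", b"IPv4 Route Table", b"Active Routes:",
              b"Network Destination", b"Persistent Routes:"],
}
# Assumption: two distinct markers per command before raising, to cut false
# positives from a single fragment appearing in ordinary web traffic.
MIN_MARKERS = 2


def split_http_request(raw):
    """Return (method, path, body) for a raw HTTP/1.x request, or None if the
    bytes do not look like one (no header/body separator or bad request line)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    request_line = head.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) < 3:
        return None
    return (request_line[0].decode("ascii", "replace"),
            request_line[1].decode("ascii", "replace"), body)


def detect_command_output(body):
    """Set of command names whose output appears in `body`, by marker count."""
    hits = set()
    for cmd, markers in MARKERS.items():
        if sum(1 for m in markers if m in body) >= MIN_MARKERS:
            hits.add(cmd)
    return hits


def scan_outbound(requests):
    """Apply the detector to each outbound request; return (method, path, cmd)."""
    alerts = []
    for raw in requests:
        parsed = split_http_request(raw)
        if parsed is None:
            continue
        method, path, body = parsed
        for cmd in sorted(detect_command_output(body)):
            alerts.append((method, path, cmd))
    return alerts


# Constructed command output, shaped like what cmd.exe prints.
DIR_OUTPUT = (b" Volume in drive C has no label.\r\n Volume Serial Number is 1234-ABCD\r\n\r\n"
              b" Directory of C:\\Users\\victim\\Desktop\r\n\r\n"
              b"05/21/2022  10:00 AM    <DIR>          .\r\n"
              b"               1 File(s)        311,296 bytes\r\n")
ROUTE_OUTPUT = (b"===========================================================================\r\n"
                b"Interface List\r\n"
                b"IPv4 Route Table\r\n"
                b"Active Routes:\r\n"
                b"Network Destination        Netmask          Gateway       Interface  Metric\r\n")

# Constructed outbound requests: two exfiltrating command output to the
# report's C2 hosts, one benign form post that mentions "<DIR>" once.
CONSTRUCTED_REQUESTS = [
    b"POST /search.php HTTP/1.1\r\nHost: ny-city-mall.com\r\nContent-Length: %d\r\n\r\n"
    % len(DIR_OUTPUT) + DIR_OUTPUT,
    b"POST /search.php HTTP/1.1\r\nHost: fresh-cars.net\r\nContent-Length: %d\r\n\r\n"
    % len(ROUTE_OUTPUT) + ROUTE_OUTPUT,
    b"POST /comment HTTP/1.1\r\nHost: www.example.com\r\n\r\ntext=please+put+it+in+the+<DIR>+folder",
    b"not an http request at all",
]

if __name__ == "__main__":
    for alert in scan_outbound(CONSTRUCTED_REQUESTS):
        print(alert)
```

This only sees plaintext bodies; SmokeLoader's real beacons to `/search.php` on these hosts go over HTTPS, so in production this logic belongs behind a TLS-terminating proxy or on the endpoint, and the network alert is the confirmation that the loader is past the reconnaissance stage rather than the first line of detection.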

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation