Description
Modular backdoor trojan in use since 2014.
256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135
General
Target
Size
Sample
256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135
304KB
220521-tgbw8saae5
Score
10 /10
MD5
SHA1
SHA256
SHA512
cfbe64a303fb6e0000c7859bfb13a1a2
a6b85217a3bd9ef76f1235a9ab92384b96b7fede
256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135
c411656d43d9b709db77c153da224e2930d26200dc081082d0a4beb0be23b6e63c9e747ec3d650cd670f72c08d79ba40d49c9091344e305a01657916109284b1
Malware Config
Extracted
| Family | smokeloader |
| Version | 2020 |
| C2 |
https://ny-city-mall.com/search.php https://fresh-cars.net/search.php |
| rc4.i32 |
|
| rc4.i32 |
|
Targets
Target
MD5
Filesize
256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135
cfbe64a303fb6e0000c7859bfb13a1a2
304KB
Score
10/10
SHA1
SHA256
SHA512
a6b85217a3bd9ef76f1235a9ab92384b96b7fede
256340cafa360c86852d0f2b648e85a9e0957a66f58c0bc572f6b7482bb75135
c411656d43d9b709db77c153da224e2930d26200dc081082d0a4beb0be23b6e63c9e747ec3d650cd670f72c08d79ba40d49c9091344e305a01657916109284b1
Tags
Signatures
-
SmokeLoader
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
Description
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
Tags
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
Description
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
Tags
-
Modifies Windows Firewall
Tags
TTPs
-
Deletes itself
-
Accesses Microsoft Outlook profiles
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks