c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd

General

Target: c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
Size: 305KB
Sample: 220521-wlmkmsaeb5
Score: 10/10
MD5: eb9b532b8edac23726c27b76bf330e03
SHA1: a7aa6b9e089fd4f6845d84c7569e55eb3971c5e1
SHA256: c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
SHA512: 0a721e387100f446bee4987f50ec6ca71312a239136f68912c8a677ea0530e2b9c008980bbe5402d3ed17df22a0dbfd0e833440c243b49745224669fbede050e
Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  https://ny-city-mall.com/search.php
  https://fresh-cars.net/search.php
RC4 keys (rc4.i32): two entries are listed in the extracted config; the key values themselves are not shown on this page.
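The hashes and C2 URLs above are the indicators a responder would actually pivot on. The following script, added here as an editor's example and not part of the sandbox report, shows how to use them: it hashes a file and reports which of the listed digests it matches, and it scans proxy log lines for traffic to the two C2 hosts. The log layout (`<epoch> <client-ip> <method> <url-or-host:port> <status>`) and the log lines are constructed for the example, not taken from any real proxy. Note that HTTPS beacons usually appear in a non-intercepting proxy only as a `CONNECT host:443` line, so the host is matched exactly and the `/search.php` path is reported as a separate, stronger signal when it is visible. The "Modifies Windows Firewall" behaviour listed below is not covered by this script.

```python
"""Match the IOCs from this SmokeLoader report against a file and a proxy log.

Editor's example, not part of the sandbox report. The hashes and C2 URLs
are the ones listed in the report; the proxy-log format and the sample
log lines are constructed for this example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report above.
IOC_HASHES = {
    "md5": "eb9b532b8edac23726c27b76bf330e03",
    "sha1": "a7aa6b9e089fd4f6845d84c7569e55eb3971c5e1",
    "sha256": "c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd",
}
IOC_C2_URLS = [
    "https://ny-city-mall.com/search.php",
    "https://fresh-cars.net/search.php",
]


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hash_algos(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms under which `data` hashes to the reported sample."""
    ours = file_hashes(data)
    return sorted(algo for algo, digest in iocs.items() if ours.get(algo) == digest.lower())


def c2_hosts(urls=IOC_C2_URLS) -> set:
    """Lower-cased hostnames of the configured C2 URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def c2_paths(urls=IOC_C2_URLS) -> set:
    """URL paths of the configured C2 URLs (here: /search.php)."""
    return {urlsplit(u).path for u in urls}


# Constructed proxy-log layout (an assumption for the example, not a real product format):
#   <epoch> <client-ip> <method> <url-or-host:port> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<status>\d{3})$"
)


def host_and_path(method: str, target: str):
    """Return (host, path) for one log target.

    CONNECT lines carry 'host:port' (a TLS tunnel, so no path is visible);
    other methods carry a full URL. A bare host:port must not be fed to
    urlsplit, which would read the host as a URL scheme.
    """
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0] if ":" in target else target
        return host.lower(), ""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").lower(), parts.path


def scan_proxy_log(lines, urls=IOC_C2_URLS) -> list:
    """Return one hit dict per log line whose host exactly equals a C2 host."""
    hosts, paths = c2_hosts(urls), c2_paths(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; in production, count these
        host, path = host_and_path(m["method"], m["target"])
        if host in hosts:  # exact match only: a look-alike domain suffix does not count
            hits.append({
                "ts": m["ts"], "src": m["src"], "host": host, "path": path,
                "exact_c2_url": path in paths,
            })
    return hits


# Constructed log lines for the example (not real traffic).
SAMPLE_LOG = """\
1653148800.123 10.0.0.15 GET http://example.com/index.html 200
1653148801.456 10.0.0.15 CONNECT ny-city-mall.com:443 200
1653148802.789 10.0.0.22 POST https://FRESH-CARS.net/search.php 200
1653148803.001 10.0.0.22 GET https://fresh-cars.net/images/logo.png 404
1653148804.555 10.0.0.31 GET https://ny-city-mall.com.evil.example/search.php 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Run against the constructed log, the scan yields three hits: the CONNECT tunnel to ny-city-mall.com (host only, no path), the POST to fresh-cars.net/search.php (host and path, the strongest match), and a GET to another path on fresh-cars.net; the look-alike host ny-city-mall.com.evil.example is correctly ignored because matching is on the exact hostname rather than a substring.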
Targets

Target: c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd (305KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures

  • SmokeLoader
    Description: Modular backdoor trojan in use since 2014.

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

Related Tasks

MITRE ATT&CK Matrix: only the tactic column headers (Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation) are present on this page; no technique cells are populated.

Tasks

static1