4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4

General
Target

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4

Size

235KB

Sample

220521-xxp1kscge4

Score

10/10
MD5

059a8da68bcee1d596d3f445decf8795

SHA1

0928a4ee560f3dfea29931cfaf8bd4f78c38c617

SHA256

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4

SHA512

018feb0d12365ef3d5950aa2a2b70a448d992ab7e68ece4493d36963e64dbef74ac135989d071e3cdf5ec9e92845fdbdb247190158bc96841266d03a8bb91e84

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://naritouzina.net/

http://nukaraguasleep.net/

http://notfortuaj.net/

http://natuturalistic.net/

http://zaniolofusa.net/

rc4.i32 (two RC4 key entries; the key values are not shown on this page)
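The extracted indicators above are only useful once they are checked against something. The script below is an added example, not part of the Triage report or of the SmokeLoader sample: it reuses the hashes and C2 URLs listed on this page, computes the same three digests for a local file and requires all of them to agree before calling it a match, and sweeps proxy log lines for requests to the C2 hosts, matching subdomains but not look-alike suffixes. The Squid-style log format, the client addresses and the `cdn.` / `.example.org` hostnames in the sample lines are constructed assumptions.

```python
"""Added example: consume the SmokeLoader IOCs from this report.
Hashes and C2 URLs are taken from the page; log lines are constructed."""
import hashlib
import io
import re
from urllib.parse import urlparse

# Indicators as reported on this page.
SAMPLE_HASHES = {
    "md5": "059a8da68bcee1d596d3f445decf8795",
    "sha1": "0928a4ee560f3dfea29931cfaf8bd4f78c38c617",
    "sha256": "4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4",
}
C2_URLS = [
    "http://naritouzina.net/",
    "http://nukaraguasleep.net/",
    "http://notfortuaj.net/",
    "http://natuturalistic.net/",
    "http://zaniolofusa.net/",
]
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}


def hash_stream(fh):
    """Compute md5/sha1/sha256 in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def matches_report(digests):
    """True only if every digest the report lists agrees; one algorithm
    alone (md5 in particular) is not enough to call a match."""
    return all(digests.get(k) == v for k, v in SAMPLE_HASHES.items())


def host_is_c2(host):
    """Exact or subdomain match against the reported C2 hosts. Case and a
    trailing dot are normalised; 'notfortuaj.net.example.org' must NOT match."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


# Squid access.log layout (assumed): ts elapsed client action/code size method url ...
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def sweep_proxy_log(lines):
    """Return (client, host, url) for every request to a reported C2 host."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        host = urlparse(m["url"]).hostname
        if host and host_is_c2(host):
            hits.append((m["client"], host.lower(), m["url"]))
    return hits


# Constructed sample log: two true hits from 10.0.0.15, one benign request,
# and one look-alike suffix that must not match.
SAMPLE_LOG = """\
1653123456.123    120 10.0.0.15 TCP_MISS/200 512 POST http://naritouzina.net/ - HIER_DIRECT/203.0.113.10 text/html
1653123457.456     80 10.0.0.22 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.5 text/html
1653123458.789    130 10.0.0.15 TCP_MISS/200 512 POST http://cdn.zaniolofusa.net/ - HIER_DIRECT/203.0.113.11 text/html
1653123459.000     70 10.0.0.31 TCP_MISS/200 300 GET http://notfortuaj.net.example.org/ - HIER_DIRECT/198.51.100.9 text/html
""".splitlines()

if __name__ == "__main__":
    for client, host, url in sweep_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host}  ({url})")
```

A hit on one of these hosts does not prove the attacker still controls it: the Suricata sinkhole signature under this report's Signatures shows at least one contact in the sandbox run reached a sinkhole. The client that made the request still executed the loader, so treat a match as an infected host regardless of where the domain resolves today.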
Targets
Target

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4

MD5

059a8da68bcee1d596d3f445decf8795

Filesize

235KB

Score
10/10
SHA1

0928a4ee560f3dfea29931cfaf8bd4f78c38c617

SHA256

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4

SHA512

018feb0d12365ef3d5950aa2a2b70a448d992ab7e68ece4493d36963e64dbef74ac135989d071e3cdf5ec9e92845fdbdb247190158bc96841266d03a8bb91e84

Tags

Signatures

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    Description

    Emerging Threats rule that fires when an HTTP response carries the cookie value set by the AnubisNetworks sinkhole. At least one C2 contact during this run reached a sinkholed domain rather than live attacker infrastructure; the host is still considered compromised because it attempted the beacon.

  • Loads dropped DLL

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no technique IDs are listed on this page).

Tasks

static1

behavioral1

10/10