General
-
Target
255cb851c6efc840d6c95de7e2ee53b6a0a77356d4d5f05488851ee02ccae256
-
Size
172KB
-
Sample
220611-x1s7eadahp
-
MD5
436b9ec31453c1d792f7553532f29918
-
SHA1
26e0e2e21bbeb409335d3dfab4e77739a70fc1ca
-
SHA256
255cb851c6efc840d6c95de7e2ee53b6a0a77356d4d5f05488851ee02ccae256
-
SHA512
4b7cf88c970e111dd439396109f6a4ef0f074bd4453ab05a71b1a958f08870c0960cda6b06b7c56a8586b5ab75623f0c543837f5cad9c2f455eb37edc8e2d2c1
Malware Config
Extracted
smokeloader
2017
http://xcols.bit/1/
http://siled.bit/1/
http://ds12.ng/1/
http://d3s1.me/1/
Targets
-
-
Target
255cb851c6efc840d6c95de7e2ee53b6a0a77356d4d5f05488851ee02ccae256
-
Size
172KB
-
MD5
436b9ec31453c1d792f7553532f29918
-
SHA1
26e0e2e21bbeb409335d3dfab4e77739a70fc1ca
-
SHA256
255cb851c6efc840d6c95de7e2ee53b6a0a77356d4d5f05488851ee02ccae256
-
SHA512
4b7cf88c970e111dd439396109f6a4ef0f074bd4453ab05a71b1a958f08870c0960cda6b06b7c56a8586b5ab75623f0c543837f5cad9c2f455eb37edc8e2d2c1
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-