General

  • Target

    37935d58f34805538d82b34ee9c104df240fc4f5ff0ab35f4d4fc444198f97a7

  • Size

    187KB

  • Sample

    220625-2t1ecsfcfq

  • MD5

    bf519363663781093708fc05ea32c809

  • SHA1

    69ffda8bb448d0cf28797ac3b9a18fc2ffcfa350

  • SHA256

    37935d58f34805538d82b34ee9c104df240fc4f5ff0ab35f4d4fc444198f97a7

  • SHA512

    5d62736a2bb424b954208e6841cb00658eadbe96555f038b5cce1494cf9d6a63ffc452dabf726da799d349896044082dfe7e4d6d2ce094c3a9005435fcb61cf8

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2019

  • C2

    http://gvs1.in/3/
    http://jdcbhs.ru/3/
    http://m21ch.com/3/
    http://cnocks.net/3/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      37935d58f34805538d82b34ee9c104df240fc4f5ff0ab35f4d4fc444198f97a7

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                       ID      Count
  Discovery   Query Registry                  T1012   1
  Discovery   Peripheral Device Discovery     T1120   1
  Discovery   System Information Discovery    T1082   1