General
-
Target
3a60c7303e66283c4535a0c85a8bd754aafdfddb7753d5afc182dbd4f3af8196
-
Size
229KB
-
Sample
220625-er876adfdm
-
MD5
c9ab19e59a63d2c1923400cd76791526
-
SHA1
bb66f2e13660565cd91e7e72ad181a90ca477331
-
SHA256
3a60c7303e66283c4535a0c85a8bd754aafdfddb7753d5afc182dbd4f3af8196
-
SHA512
de03a0ade42c8edf0daa41f9b5bf77ec31677b712e864639fa89f3410558abd678090c9e35d47a9ba9d4c7c18bb67fffbdcda28b07a9a695f13d287f0ae23783
Malware Config
Extracted
smokeloader
2017
http://bbank.bit/
http://abank.bit/
Targets
-
-
Target
3a60c7303e66283c4535a0c85a8bd754aafdfddb7753d5afc182dbd4f3af8196
-
Size
229KB
-
MD5
c9ab19e59a63d2c1923400cd76791526
-
SHA1
bb66f2e13660565cd91e7e72ad181a90ca477331
-
SHA256
3a60c7303e66283c4535a0c85a8bd754aafdfddb7753d5afc182dbd4f3af8196
-
SHA512
de03a0ade42c8edf0daa41f9b5bf77ec31677b712e864639fa89f3410558abd678090c9e35d47a9ba9d4c7c18bb67fffbdcda28b07a9a695f13d287f0ae23783
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Sharik/Smoke Loader Java Connectivity Check
suricata: ET MALWARE Sharik/Smoke Loader Java Connectivity Check
-
Adds policy Run key to start application
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-