General

  • Target

    35a532b10e8602afcb5d55c608f6fec7298d6174af8d22d045f05b2d13373987

  • Size

    225KB

  • Sample

    220626-3hyxtsegcl

  • MD5

    8a42240be26a0f3bf16e3d8d894ca73d

  • SHA1

    6fe1f52e4d6a2f7a9229c42181434e1bd10a81ca

  • SHA256

    35a532b10e8602afcb5d55c608f6fec7298d6174af8d22d045f05b2d13373987

  • SHA512

    da14881b4d95440e61f2398e86f539e59fb33b997dceb0bff7c5abdd758ad0b932ca4c61e80e65e918196af11c9c505091ad79285f5c096b349eefe96e7e3f31

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2018

  • C2

    http://migyno.win/
    http://migyno.bid/
    http://migyno.date/
    http://migyno.faith/
    http://migyno.loan/
    http://migyno.men/
    http://migyno.party/
    http://migyno.stream/
    http://migyno.trade/

  • rc4.i32

  • rc4.i32

Targets


    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry: T1012 (1)

    Peripheral Device Discovery: T1120 (1)

    System Information Discovery: T1082 (1)

Tasks