General

  • Target

    174876b3e81985f6ede4bb16076dcb0b92c7067f560145a070481ed2a7de2511

  • Size

    364KB

  • Sample

    220701-dz5z2acaa6

  • MD5

    a04064572099c06bc10428d46d423f7e

  • SHA1

    ed13b58b821d1eb62df8f4226736f751049af3e8

  • SHA256

    174876b3e81985f6ede4bb16076dcb0b92c7067f560145a070481ed2a7de2511

  • SHA512

    56cb60559c60fa1909f609cfdca82da5dd7947a303c33b9021cf4ecb1e37d149aae8f6c65d57c9fe3205c6bb8c62a22ddbb503d6fcc6f00d7312ffd3d8f868a3

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2019

  • C2

    http://emona66.com.kz/nonso/

    http://emona667.com.kz/nonso2/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      174876b3e81985f6ede4bb16076dcb0b92c7067f560145a070481ed2a7de2511


    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: T1012 (1)

  • Peripheral Device Discovery: T1120 (1)

  • System Information Discovery: T1082 (1)

Tasks