General

  • Target

    615e2260a5d76dcd21ce62f173a2bae0a429b7bcbde5e3762c48622335a63271

  • Size

    118KB

  • Sample

    220701-fvhp2sfbf8

  • MD5

    ce788561b3a942d068c327067636344a

  • SHA1

    e88d90ac5f25d487a5717c329b47bbbe4a4a4d5b

  • SHA256

    615e2260a5d76dcd21ce62f173a2bae0a429b7bcbde5e3762c48622335a63271

  • SHA512

    f48bb754d702bd8a1e7f233a8b1800c5b682f295da6fed8407aed8a9cd40c5d47822ca5402497e86a443bb9f9593aee7480efba3d18df54e147cf55b100bfa87

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://ghjk78kjhb.net/

http://cleancleankkl.net/

http://dunujilis11r.net/

http://sulionuili1.in/

http://eseruuynli2.net/

http://nulikuliey.net/

http://oohdojssks9uf.net/

rc4.i32
rc4.i32

Targets

    • Target

      615e2260a5d76dcd21ce62f173a2bae0a429b7bcbde5e3762c48622335a63271

    • Size

      118KB

    • MD5

      ce788561b3a942d068c327067636344a

    • SHA1

      e88d90ac5f25d487a5717c329b47bbbe4a4a4d5b

    • SHA256

      615e2260a5d76dcd21ce62f173a2bae0a429b7bcbde5e3762c48622335a63271

    • SHA512

      f48bb754d702bd8a1e7f233a8b1800c5b682f295da6fed8407aed8a9cd40c5d47822ca5402497e86a443bb9f9593aee7480efba3d18df54e147cf55b100bfa87

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Tasks