General
-
Target
f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
-
Size
42KB
-
Sample
220707-wsjsbsgca6
-
MD5
31e8b83c5de470dabb7d1e7c0e980ccc
-
SHA1
4c231411776059620fc4ee5f703296451ed5797d
-
SHA256
f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
-
SHA512
65461eb6e9fc544de135a30f019de5f9bd80d5f8b693850d469b1c928ed00dd9be444b42fecc9e07d4ddd4b0bd4ddd32f01eb6c38c7386f040e0c916c4597c23
Malware Config
Extracted
smokeloader
2018
http://servicecredits1.4irc.com/
http://servicecredits2.4irc.com/
http://servicecredits3.4irc.com/
http://servicecredits4.4irc.com/
http://servicecredits5.4irc.com/
http://servicecredits6.4irc.com/
http://servicecredits7.4irc.com/
http://servicecredits8.4irc.com/
http://servicecredits9.4irc.com/
http://servicecredits10.4irc.com/
http://servicecredits11.4irc.com/
http://servicecredits12.4irc.com/
http://servicecredits13.4irc.com/
http://servicecredits14.4irc.com/
http://servicecredits15.4irc.com/
http://servicecredits16.4irc.com/
http://servicecredits17.4irc.com/
http://servicecredits18.4irc.com/
http://servicecredits19.4irc.com/
http://servicecredits20.4irc.com/
Targets
-
-
Target
f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
-
Size
42KB
-
MD5
31e8b83c5de470dabb7d1e7c0e980ccc
-
SHA1
4c231411776059620fc4ee5f703296451ed5797d
-
SHA256
f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
-
SHA512
65461eb6e9fc544de135a30f019de5f9bd80d5f8b693850d469b1c928ed00dd9be444b42fecc9e07d4ddd4b0bd4ddd32f01eb6c38c7386f040e0c916c4597c23
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-