General

  • Target

    92d3562dabe0104befc4737bd99053583027facf0a3f6ef59b1c25fe78973742

  • Size

    265KB

  • Sample

    230327-3dxh7shf9z

  • MD5

    d4c7b1bf2fb6b19675194cb5c11e7a36

  • SHA1

    36a817d059a1edf1473350d2a6b59768338b87b4

  • SHA256

    92d3562dabe0104befc4737bd99053583027facf0a3f6ef59b1c25fe78973742

  • SHA512

    23d17b0ac0e7f5cc25b112ead1d889ff934e1f8cb836b697d5a013cd82b533a07b5b3d69310a8f5b217aa170a0f5a718eebe5ed4297cc85ad9e62e1f0ba273db

  • SSDEEP

    3072:gOj+QRHyUUmJyuzoLKM7pnDW3OhElMGVdyMRrUmUqHX8N19vEOQ7mML5kfVqwCUD:vd5yUUuzoLDI+9GPydqstKyfc

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32 (key 1)
rc4.i32 (key 2)

Targets

    • Target

      92d3562dabe0104befc4737bd99053583027facf0a3f6ef59b1c25fe78973742

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012) - 2 hits

  • Peripheral Device Discovery (T1120) - 1 hit

  • System Information Discovery (T1082) - 1 hit
