General

  • Target

    215f2274738ff6360328ba2985023eed729f37b056504e2aa9170c25d3449830

  • Size

    269KB

  • Sample

    230328-hm6g9ahd97

  • MD5

    3775b77e7fe18ae15ffcaee6a87bdcd2

  • SHA1

    c0fe69069e9c88949db09f4a4db74ac4282785dd

  • SHA256

    215f2274738ff6360328ba2985023eed729f37b056504e2aa9170c25d3449830

  • SHA512

    c30dcfff22a734ee18e161ce1feca43721bb672d9ba462a5515bd3d48efb07f967193a9597a57dbdff5680e3116de97eb80a4db0b781c5375d102dd97fdcd35a

  • SSDEEP

    3072:/N/Q5bKxIcf/XmBJP87dtCoUKnkdwfjMUWsZMCgoNKoDV/5nWdFelmhU:16KHf/2BJmjJ9MUhJ9WnE

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    lab

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/
    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      215f2274738ff6360328ba2985023eed729f37b056504e2aa9170c25d3449830

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (2)

    T1012

  • Peripheral Device Discovery (1)

    T1120

  • System Information Discovery (1)

    T1082