General
-
Target
003ce75f21dc6467934238ae6728a81a1154241057270c76f401a80eb7d5374b
-
Size
244KB
-
Sample
230329-l2zvssfg69
-
MD5
998cc2bf7d60cc3513a63a5da8a914b9
-
SHA1
d074bb38502cf1ffe7a13ee75033ad3c76b14443
-
SHA256
003ce75f21dc6467934238ae6728a81a1154241057270c76f401a80eb7d5374b
-
SHA512
e0ff607de2de35ddd398780029183806511db6e336a8caa648deb38d4487ff59221ebf23fcac1dba94f3441f1b76b4a7e88820bd90eb041da9fea6f4ffd08932
-
SSDEEP
3072:TgZM2/1yHL4iN54UvwU0ZUifp1rJ2KxMI0jY5w7cQIu7ssWAA+X5el968:8ZzUHL4tG0ZUifPrJ2KxMDc5+IuIJrN
Malware Config
Extracted
smokeloader
lab
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
003ce75f21dc6467934238ae6728a81a1154241057270c76f401a80eb7d5374b
-
Size
244KB
-
MD5
998cc2bf7d60cc3513a63a5da8a914b9
-
SHA1
d074bb38502cf1ffe7a13ee75033ad3c76b14443
-
SHA256
003ce75f21dc6467934238ae6728a81a1154241057270c76f401a80eb7d5374b
-
SHA512
e0ff607de2de35ddd398780029183806511db6e336a8caa648deb38d4487ff59221ebf23fcac1dba94f3441f1b76b4a7e88820bd90eb041da9fea6f4ffd08932
-
SSDEEP
3072:TgZM2/1yHL4iN54UvwU0ZUifp1rJ2KxMI0jY5w7cQIu7ssWAA+X5el968:8ZzUHL4tG0ZUifPrJ2KxMDc5+IuIJrN
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Suspicious use of SetThreadContext
-