General
-
Target
f19f57debb7a888865e350f874081a816f3aefc9e06d194eed062894b04922a8
-
Size
233KB
-
Sample
230421-j2yxdsgf5y
-
MD5
dde32f1cfa7b1a766a56cbe1d307f900
-
SHA1
1b6bde698b5bd12f8f42b370263ab07daf34bd7c
-
SHA256
f19f57debb7a888865e350f874081a816f3aefc9e06d194eed062894b04922a8
-
SHA512
f5a11444cbda6dd18bce08cc2f94c15689a5ff46591ab80a35424a5a7d04ede41459ac2ed3d7beaf06cf01bb6da43f4a7e5449691740da2b6b40ea5ec20162a3
-
SSDEEP
3072:NMgmld1lPXghcsdc59bR1B/sTCpuODWiFPY8SH5pRD/Pbp1:lmldX63E9d1WmuIGfRrPbp1
Malware Config
Extracted
smokeloader
sprg
Extracted
smokeloader
2022
http://hoh0aeghwugh2gie.com/
http://hie7doodohpae4na.com/
http://aek0aicifaloh1yo.com/
http://yic0oosaeiy7ahng.com/
http://wa5zu7sekai8xeih.com/
Targets
-
-
Target
f19f57debb7a888865e350f874081a816f3aefc9e06d194eed062894b04922a8
-
Size
233KB
-
MD5
dde32f1cfa7b1a766a56cbe1d307f900
-
SHA1
1b6bde698b5bd12f8f42b370263ab07daf34bd7c
-
SHA256
f19f57debb7a888865e350f874081a816f3aefc9e06d194eed062894b04922a8
-
SHA512
f5a11444cbda6dd18bce08cc2f94c15689a5ff46591ab80a35424a5a7d04ede41459ac2ed3d7beaf06cf01bb6da43f4a7e5449691740da2b6b40ea5ec20162a3
-
SSDEEP
3072:NMgmld1lPXghcsdc59bR1B/sTCpuODWiFPY8SH5pRD/Pbp1:lmldX63E9d1WmuIGfRrPbp1
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-