General
-
Target
setup.exe
-
Size
324KB
-
Sample
230425-axczpahc3w
-
MD5
59ad9523c63ee3098beaf7ad43101a9c
-
SHA1
dfcf33ead46e473c145eb25d5755bfeabe43dd45
-
SHA256
b02ed0cb90849eac8defe6cd1852d58fcb64829f8aef03fe5d13598606592ddd
-
SHA512
34edabcbe938ec97dcfeeeeb00c9f4d7847f8b1f94a3e1717554add10548640df0729c0784f49cbc4f6803cec7ace38ae14424c239c8805fb40089094116b769
-
SSDEEP
3072:lkso7ETCyzUs2XCn4rO0RR2uDnqL+c5Wc/oIXtVTJOWgp3UlbhQosCL7KmeYkReh:q9wUC4a0RoGq5Df1OWtlbLLYY/xdaL
Malware Config
Extracted
smokeloader
pu10
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
setup.exe
-
Size
324KB
-
MD5
59ad9523c63ee3098beaf7ad43101a9c
-
SHA1
dfcf33ead46e473c145eb25d5755bfeabe43dd45
-
SHA256
b02ed0cb90849eac8defe6cd1852d58fcb64829f8aef03fe5d13598606592ddd
-
SHA512
34edabcbe938ec97dcfeeeeb00c9f4d7847f8b1f94a3e1717554add10548640df0729c0784f49cbc4f6803cec7ace38ae14424c239c8805fb40089094116b769
-
SSDEEP
3072:lkso7ETCyzUs2XCn4rO0RR2uDnqL+c5Wc/oIXtVTJOWgp3UlbhQosCL7KmeYkReh:q9wUC4a0RoGq5Df1OWtlbLLYY/xdaL
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of SetThreadContext
-