General
-
Target
weboffice.zip
-
Size
159KB
-
Sample
230804-jfwvxaaa58
-
MD5
62ea2f57d878b0d77ac6235096d31a53
-
SHA1
40f266a6957936834caac71f8dbab6b9a1af6926
-
SHA256
62faf33f89a12975b9ee346deec29335f7f8e0796f3d4c09a5a86db7f0c4bc55
-
SHA512
27a304ce47c00cda09612cce776be35fabf29d5f2187524783796c87e236f674eb071065b3edbc953388a337684ac502925f5799118819101cedc2375727c5da
-
SSDEEP
3072:9hddgNvYHSNVCNMrmcWeiABNYcCdrue7rRWEtemCigZWoaq/SyJG3oe:9hfgN+CVWMEdruMNWAemCiMW/rAG3F
Malware Config
Extracted
smokeloader
2022
http://metallergroup.ru/
http://infomailforyoumak.ru/
http://coinmakopenarea.su/
http://internetcygane.ru/
http://zallesman.ru/
http://maxteroper.ru/
http://kilomunara.com/
http://napropertyhub.eu/
http://nafillimonilini.net/
http://goodlenuxilam.site/
http://jimloamfilling.online/
http://vertusupportjk.org/
http://liverpulapp.ru/
http://zarabovannyok.eu/
http://cityofuganda.ug/
http://hillespostelnm.eu/
http://humanitarydp.ru/
http://zaikaopentra.com.ru/
http://zaikaopentra-com-ug.su/
http://jslopasitmon.com/
Targets
-
-
Target
weboffice.exe
-
Size
289KB
-
MD5
a7110aaac6cddd884e259c5fcc96cf39
-
SHA1
adf55266ed1a0edd9667a6fcba4197d2e0e88599
-
SHA256
9d2f8abbb0f5b815698996aea136c4956b87e4bf248c2527f8711e78e432ffa2
-
SHA512
9d4027c94a2c53035350646a04e13626953da445c874e9dc203148e9cb82474b122b51ad91cb895cbf3c2173fa352e08d0c13334aaff3cb8a0cab0350edf08ba
-
SSDEEP
3072:Zm25HAnLcec0G2ADW4albi/pHvMgO6qyIE65Fl1nZ0bzF1:DALceZGVoAhGFyIEOldZ011
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Executes dropped EXE
-