General

  • Target

    a784ce1f68998e6fc1a4c8c4ee42e97f4eb1659c2e1a4518b052eed1a846877a

  • Size

    246KB

  • Sample

    230914-3qxpqsfh6x

  • MD5

    2e87f874a478d79dbc046ffac878c467

  • SHA1

    196f93f0df0bad71e7e7b48155f65d161154b582

  • SHA256

    a784ce1f68998e6fc1a4c8c4ee42e97f4eb1659c2e1a4518b052eed1a846877a

  • SHA512

    9f7119332810c87ff9017bcc9cbeadcbee21864763809312d6a5c473f66721453a9ba1ac2c9aaa2e49d67065b27697f78501216130a9a4240b28ab4845180a6a

  • SSDEEP

    3072:CxXapC9g3GCw/FGuLJ6BA7zYyb/+KcjnXZu8q7Bs8SjTOcVvVVX5udyITw12Uo/:CpO9WGuLJ6YY0+tats8TdyITtUA

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      a784ce1f68998e6fc1a4c8c4ee42e97f4eb1659c2e1a4518b052eed1a846877a

    • Size

      246KB

    • MD5

      2e87f874a478d79dbc046ffac878c467

    • SHA1

      196f93f0df0bad71e7e7b48155f65d161154b582

    • SHA256

      a784ce1f68998e6fc1a4c8c4ee42e97f4eb1659c2e1a4518b052eed1a846877a

    • SHA512

      9f7119332810c87ff9017bcc9cbeadcbee21864763809312d6a5c473f66721453a9ba1ac2c9aaa2e49d67065b27697f78501216130a9a4240b28ab4845180a6a

    • SSDEEP

      3072:CxXapC9g3GCw/FGuLJ6BA7zYyb/+KcjnXZu8q7Bs8SjTOcVvVVX5udyITw12Uo/:CpO9WGuLJ6YY0+tats8TdyITtUA

    • SmokeLoader

      Modular loader/backdoor trojan in use since 2014; it fetches additional payloads and plugins from its C2 servers.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext (the sample rewrites the thread context of another process, the step sandboxes associate with process hollowing and other injection)
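The "Suspicious use of SetThreadContext" signature above fires on an API sequence, not on the single call. As an added example (not part of the sandbox report and not SmokeLoader code), the detector below reconstructs that sequence from an API trace: a child created with CREATE_SUSPENDED, WriteProcessMemory into it, SetThreadContext on its main thread, then ResumeThread. The trace format, the sample lines and the ATT&CK mapping in the finding are constructed assumptions for the example; a real sandbox emits its own schema, so only the parser would change.

```python
"""Detect a process-hollowing chain in a constructed API trace.

Trace format (hypothetical, for this example only):
    <pid> <api>(<key>=<value>, ...) -> <key>=<value>, ... | <value>
"""
import re
from dataclasses import dataclass
from typing import Optional

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for Win32 CreateProcess*

# Constructed sample trace: pid 1234 hollows a suspended explorer.exe; pid 9999
# calls SetThreadContext on its own thread, which must not be flagged.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName="C:\\Windows\\explorer.exe", dwCreationFlags=0x4) -> hProcess=0x1a0, hThread=0x1a4, dwProcessId=5678
1234 NtUnmapViewOfSection(ProcessHandle=0x1a0, BaseAddress=0x400000) -> 0
1234 VirtualAllocEx(hProcess=0x1a0, lpAddress=0x400000, dwSize=0x3c000, flProtect=0x40) -> 0x400000
1234 WriteProcessMemory(hProcess=0x1a0, lpBaseAddress=0x400000, nSize=0x3c000) -> 1
1234 SetThreadContext(hThread=0x1a4, Context.Eax=0x401000) -> 1
1234 ResumeThread(hThread=0x1a4) -> 0
9999 GetThreadContext(hThread=0x1b0) -> 1
9999 SetThreadContext(hThread=0x1b0, Context.Dr0=0x0) -> 1
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>.*)$")
KV_RE = re.compile(r'(\w+(?:\.\w+)*)=("(?:[^"\\]|\\.)*"|[^,\s]+)')


def parse_kv(text):
    """'a=1, b="x"' -> {'a': '1', 'b': 'x'}; a bare return value yields {}."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"pid": int(m["pid"]), "api": m["api"],
            "args": parse_kv(m["args"]), "ret": parse_kv(m["ret"])}


def to_int(value):
    try:
        return int(value, 0)  # accepts "0x4" and "5678"
    except (TypeError, ValueError):
        return None


@dataclass
class SuspendedChild:
    """A child process created with CREATE_SUSPENDED; handles come from
    the PROCESS_INFORMATION block CreateProcess* returns."""
    hprocess: Optional[str]
    hthread: str
    child_pid: Optional[int]
    image: str
    wrote_memory: bool = False
    set_context: bool = False


def detect_hollowing(trace):
    """Return {"findings": [...], "unmatched_setthreadcontext": n}.

    A finding is emitted only for the complete chain
    CreateProcess*(CREATE_SUSPENDED) -> WriteProcessMemory(child) ->
    SetThreadContext(child main thread) -> ResumeThread(child main thread).
    SetThreadContext calls on any other thread are only counted.
    """
    pending = {}  # (parent_pid, hThread) -> SuspendedChild
    findings, other_ctx = [], 0
    for line in trace.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        pid, api, args, ret = ev["pid"], ev["api"], ev["args"], ev["ret"]
        if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
            flags = to_int(args.get("dwCreationFlags")) or 0
            if flags & CREATE_SUSPENDED and "hThread" in ret:
                pending[(pid, ret["hThread"])] = SuspendedChild(
                    hprocess=ret.get("hProcess"), hthread=ret["hThread"],
                    child_pid=to_int(ret.get("dwProcessId")),
                    image=args.get("lpApplicationName") or args.get("lpCommandLine", ""))
        elif api == "WriteProcessMemory":
            for (ppid, _), child in pending.items():
                if ppid == pid and child.hprocess == args.get("hProcess"):
                    child.wrote_memory = True
        elif api == "SetThreadContext":
            child = pending.get((pid, args.get("hThread")))
            if child:
                child.set_context = True
            else:
                other_ctx += 1
        elif api == "ResumeThread":
            child = pending.pop((pid, args.get("hThread")), None)
            if child and child.wrote_memory and child.set_context:
                findings.append({
                    "signature": "Suspicious use of SetThreadContext",
                    # ATT&CK mapping is this example's, not taken from the report.
                    "technique": "Process Injection: Process Hollowing (T1055.012)",
                    "parent_pid": pid, "child_pid": child.child_pid, "image": child.image,
                })
    return {"findings": findings, "unmatched_setthreadcontext": other_ctx}


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE)["findings"]:
        print(f)
```

Requiring the full chain, keyed on the thread handle CreateProcess returned, is what keeps a legitimate SetThreadContext (debuggers, exception handlers, hardware-breakpoint setup on a process's own thread) from firing the signature; the unmatched counter shows how much of that noise a trace contains.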

MITRE ATT&CK Enterprise v15

Tasks