General

  • Target

    8060e9f014c41edea8a357017ddfcf37cd4f5a690967207d69033e3a48ff103a

  • Size

    246KB

  • Sample

    230915-egrv5agf2v

  • MD5

    66ca2a56a5a7b579103cdbe31e532406

  • SHA1

    4193575ccf7f40f2d431959502fc08d34d8cda9e

  • SHA256

    8060e9f014c41edea8a357017ddfcf37cd4f5a690967207d69033e3a48ff103a

  • SHA512

    f13e17231270b90ff58f4b57a218a66f07cbdc28f1c05d182f0ffe4088929dfa786b52c82fa34dc6b358dc32f71c83500b78127487525fa588431c641b52a115

  • SSDEEP

    6144:7NL7PWlHLJJkmr7Lt3WQrE/90zorG+thcWbTtR:7V70HXzr7LlB5jccWPj

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      8060e9f014c41edea8a357017ddfcf37cd4f5a690967207d69033e3a48ff103a

    • Size

      246KB

    • MD5

      66ca2a56a5a7b579103cdbe31e532406

    • SHA1

      4193575ccf7f40f2d431959502fc08d34d8cda9e

    • SHA256

      8060e9f014c41edea8a357017ddfcf37cd4f5a690967207d69033e3a48ff103a

    • SHA512

      f13e17231270b90ff58f4b57a218a66f07cbdc28f1c05d182f0ffe4088929dfa786b52c82fa34dc6b358dc32f71c83500b78127487525fa588431c641b52a115

    • SSDEEP

      6144:7NL7PWlHLJJkmr7Lt3WQrE/90zorG+thcWbTtR:7V70HXzr7LlB5jccWPj

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks