General

  • Target

    8fc020321d73b1e12951ca6efc774ba7bc745a2593c252ba04b1b48cd3e71118

  • Size

    298KB

  • Sample

    230915-jvjtwscc93

  • MD5

    3d5e96c51d65e852c111858e5e23b7ce

  • SHA1

    240f319490763824adf214eea6d41c943a02f243

  • SHA256

    8fc020321d73b1e12951ca6efc774ba7bc745a2593c252ba04b1b48cd3e71118

  • SHA512

    5d785c5568eb2ea2daf67b089fb53002fb997bbd67051210cb006727a7a46a80fbb3181e3cd21198cce7420f587f4251f3bcc0f58514f7ebc1e60a80023273b0

  • SSDEEP

    3072:gy4OPh0mXQOjxew49zfBGryVJqkKaCAbJhmbmy+IiEwNYnNEYu07v:b4OP7XQOjAwY56yykKa7Jhk5+N

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      8fc020321d73b1e12951ca6efc774ba7bc745a2593c252ba04b1b48cd3e71118

    • Size

      298KB

    • MD5

      3d5e96c51d65e852c111858e5e23b7ce

    • SHA1

      240f319490763824adf214eea6d41c943a02f243

    • SHA256

      8fc020321d73b1e12951ca6efc774ba7bc745a2593c252ba04b1b48cd3e71118

    • SHA512

      5d785c5568eb2ea2daf67b089fb53002fb997bbd67051210cb006727a7a46a80fbb3181e3cd21198cce7420f587f4251f3bcc0f58514f7ebc1e60a80023273b0

    • SSDEEP

      3072:gy4OPh0mXQOjxew49zfBGryVJqkKaCAbJhmbmy+IiEwNYnNEYu07v:b4OP7XQOjAwY56yykKa7Jhk5+N

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks