General

  • Target

    fb5b71bacb07026e52f2077a1e9f9a6dfc316cd239265c33418686004edb0dc7

  • Size

    268KB

  • Sample

    230915-p3y7fabg51

  • MD5

    7c408cdac69bcac84b80d9f021ded864

  • SHA1

    4c88eff0da48a63015a1995eaab211c0991631b0

  • SHA256

    fb5b71bacb07026e52f2077a1e9f9a6dfc316cd239265c33418686004edb0dc7

  • SHA512

    ba8f40e4a5fb3dbeb482c2c9ad513c96e2fb5b38bc902843f6c7a9e64c75a628746e4d9aa4952f5827fed01c48ad9dc488ccdd9b73dee9f1389836a384d2fe71

  • SSDEEP

    6144:eTxXgMoqgQ7UTpXM/98krS5AuX1OgRSl:e9Poq37EXwHrS5A

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15