General

  • Target

    2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115_JC.exe

  • Size

    301KB

  • Sample

    230915-pr1k5aee23

  • MD5

    655655e9b1744d3fc9c5772e7be8a48d

  • SHA1

    3a11602219bbe119e5258ca15ef674735613e293

  • SHA256

    2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115

  • SHA512

    6bcc109d74d0ec45c2f77dd8c04c31ef8fdd1137eadc87ffc210bb050a9329c9df82aee07b1a7e200481136f531220941d43487ebacb4154d0684b8e38ab96c0

  • SSDEEP

    3072:U8aVnLG89UmwOTTk9Uhjlsm7yCKYmGV/6CWi0hHp0eUkqlK/Yg3:s9h9UmwOTTkSPTcIkG8Y

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

stealc

C2

http://85.209.11.51

Attributes
  • url_path

    /fefb4a458e1dc58b.php

rc4.plain
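The extracted configs above are the operational part of this report: four SmokeLoader C2 URLs and a Stealc gate (C2 host plus the url_path attribute). The block below is an added example, not part of the sandbox output or of either malware family, that turns those values into host/path indicators and checks constructed proxy log lines and file hashes against them. The log format (timestamp, client, method, URL, status) and the assumption that the Stealc gate is the C2 host joined with url_path are mine, not something the report states.

```python
"""
Match the IOCs from the extracted SmokeLoader / Stealc configs against
proxy log lines and file hashes. Added example; the log lines below are
constructed for illustration and are not from the sandbox run.
"""
from urllib.parse import urlparse

# Indicators copied verbatim from the extracted configs on this page.
SMOKELOADER_C2 = [
    "http://gudintas.at/tmp/",
    "http://pik96.ru/tmp/",
    "http://rosatiauto.com/tmp/",
    "http://kingpirate.ru/tmp/",
]
STEALC_C2 = "http://85.209.11.51"
STEALC_URL_PATH = "/fefb4a458e1dc58b.php"  # the Stealc "url_path" attribute
SAMPLE_HASHES = {
    "md5": "655655e9b1744d3fc9c5772e7be8a48d",
    "sha1": "3a11602219bbe119e5258ca15ef674735613e293",
    "sha256": "2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115",
}

# Constructed sample log lines: "timestamp client METHOD url status".
PROXY_LOG = [
    "1694790000.123 10.0.0.5 POST http://gudintas.at/tmp/ 200",
    "1694790001.456 10.0.0.5 POST http://85.209.11.51/fefb4a458e1dc58b.php 200",
    "1694790002.789 10.0.0.7 GET http://example.com/index.html 200",
    "1694790003.012 10.0.0.9 GET http://pik96.ru/other/ 404",
]


def build_indicators():
    """Map lowercase C2 host -> {"family": ..., "paths": set of known paths}."""
    ind = {}
    for url in SMOKELOADER_C2:
        u = urlparse(url)
        ind[u.hostname.lower()] = {"family": "smokeloader", "paths": {u.path}}
    u = urlparse(STEALC_C2)
    # Assumption: the Stealc gate is the C2 host joined with url_path.
    ind[u.hostname.lower()] = {"family": "stealc", "paths": {STEALC_URL_PATH}}
    return ind


def parse_proxy_line(line):
    """Parse one constructed proxy line; return None if it is not well formed."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ts, client, method, url, status = parts[:5]
    u = urlparse(url)
    if not u.hostname:
        return None
    return {"ts": ts, "client": client, "method": method,
            "host": u.hostname.lower(), "path": u.path or "/", "status": status}


def match_proxy_log(lines, indicators=None):
    """Return one hit per line whose host is a known C2.

    A host match alone is reported (the domain is the durable indicator);
    path_match records whether the request path is also the configured one.
    """
    ind = indicators or build_indicators()
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None or rec["host"] not in ind:
            continue
        entry = ind[rec["host"]]
        hits.append({**rec, "family": entry["family"],
                     "path_match": rec["path"] in entry["paths"]})
    return hits


def match_hash(digest):
    """Return the algorithm name if digest equals one of the sample's hashes."""
    d = digest.strip().lower()
    for algo, value in SAMPLE_HASHES.items():
        if d == value:
            return algo
    return None


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print(f'{hit["ts"]} {hit["client"]} -> {hit["family"]} '
              f'{hit["host"]}{hit["path"]} path_match={hit["path_match"]}')
    print(match_hash(SAMPLE_HASHES["sha256"].upper()))
```

Matching on the host first and the path second is deliberate: the /tmp/ and .php paths can change between builds while the registered domains and IP tend to outlive them, so a host-only hit (like the pik96.ru line with a different path) is still worth an alert, just at lower confidence.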

Targets

    • Target

      2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115_JC.exe

    • Size

      301KB

    • MD5

      655655e9b1744d3fc9c5772e7be8a48d

    • SHA1

      3a11602219bbe119e5258ca15ef674735613e293

    • SHA256

      2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115

    • SHA512

      6bcc109d74d0ec45c2f77dd8c04c31ef8fdd1137eadc87ffc210bb050a9329c9df82aee07b1a7e200481136f531220941d43487ebacb4154d0684b8e38ab96c0

    • SSDEEP

      3072:U8aVnLG89UmwOTTk9Uhjlsm7yCKYmGV/6CWi0hHp0eUkqlK/Yg3:s9h9UmwOTTkSPTcIkG8Y

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks