General

  • Target

    9679bd82b97cef2666a160a0511b96b40e794466ee9d00a5607ba51b2ff95236_JC.exe

  • Size

    197KB

  • Sample

    230915-qdv9xseg24

  • MD5

    fc87b15ae486d4dc9071b06f293301dd

  • SHA1

    d1d0c61ecca209894b7016987752bd217e8055e5

  • SHA256

    9679bd82b97cef2666a160a0511b96b40e794466ee9d00a5607ba51b2ff95236

  • SHA512

    c6d125f33a2023751389ff96234dafef75bf1f62c908b927befe287dd10449260f0d4b08279c8da176cb101397ddac20abadf6d3c010ada80a349bad86acdfad

  • SSDEEP

    3072:jrenLJF5eSQtqsF4nT5y775sPlUtUy847N7I55Ko9P+TfN49Q:2nL3MSOF4Tw7kmWB47N7IOEP+TV4i

Malware Config

  • Extracted

      • Family

        smokeloader

      • Botnet

        pub1

  • Extracted

      • Family

        smokeloader

      • Version

        2020

      • C2

        http://host-file-host6.com/
        http://host-host-file8.com/

      • rc4.i32

      • rc4.i32

Targets

    • Target

      9679bd82b97cef2666a160a0511b96b40e794466ee9d00a5607ba51b2ff95236_JC.exe

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks