General

  • Target

    d4d99e3edad6d12e5e4ef43fd0d659d3b3ba3429a0f88daae001709ae09c9855

  • Size

    267KB

  • Sample

    230915-swsymafh52

  • MD5

    7f8f775bffdbd92164a6bae1ee907012

  • SHA1

    4094845ea9225d7270c7289dfed06a1d9edaff5e

  • SHA256

    d4d99e3edad6d12e5e4ef43fd0d659d3b3ba3429a0f88daae001709ae09c9855

  • SHA512

    427baf6cbd2e213e7f3a53a512140b636438679793b7523fc3d8c4003b5b33049a560283f7b4d572c391118df7a0743ba68f50f3e596b061b142f5a9b6966ea0

  • SSDEEP

    3072:EnU5HsmXXWog8WPTqoqJ6NBKun8vEz1fjXkZFbH2qztNJQU:aU5NXXVg8WbqBkKk8vEz1b0bWqzJD

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15