General

  • Target

    3cd8dfd8e49cfa20ec275f3d6e601495e5b296f1b7bd71b7c7ee7ae2f7a2bc24

  • Size

    252KB

  • Sample

    230917-g96k4aaf24

  • MD5

    76776583ccf824e984665aa18d83799e

  • SHA1

    e76201b7a9e2d4f6a4d076b760c81091cd60347f

  • SHA256

    3cd8dfd8e49cfa20ec275f3d6e601495e5b296f1b7bd71b7c7ee7ae2f7a2bc24

  • SHA512

    40f251e5531ba3c12181aed74cec47a52a2ab172d01748f0f16171798d0cc6efc50bb96549d9d77a9375eccabaa7be52ece78784c5dcd74328a5124ae4b404e6

  • SSDEEP

    1536:0pIXn97SNwgTHL0dnnFPE1yPpVknvbOHNgnqibZmtacsw5SAQZsRdISN14/v/TXt:0pcnd4qCWMnvbcWqaaFsw5N7IS07y0

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      3cd8dfd8e49cfa20ec275f3d6e601495e5b296f1b7bd71b7c7ee7ae2f7a2bc24

    • Size

      252KB

    • MD5

      76776583ccf824e984665aa18d83799e

    • SHA1

      e76201b7a9e2d4f6a4d076b760c81091cd60347f

    • SHA256

      3cd8dfd8e49cfa20ec275f3d6e601495e5b296f1b7bd71b7c7ee7ae2f7a2bc24

    • SHA512

      40f251e5531ba3c12181aed74cec47a52a2ab172d01748f0f16171798d0cc6efc50bb96549d9d77a9375eccabaa7be52ece78784c5dcd74328a5124ae4b404e6

    • SSDEEP

      1536:0pIXn97SNwgTHL0dnnFPE1yPpVknvbOHNgnqibZmtacsw5SAQZsRdISN14/v/TXt:0pcnd4qCWMnvbcWqaaFsw5N7IS07y0

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks