General

  • Target

    d5b0cf0e37047d7d48fd6be5db6f1b3212f8978fc1e3b80d7979802634252a19

  • Size

    253KB

  • Sample

    230917-hxbqmaah43

  • MD5

    7d1f3735886737b0f12726707e16db52

  • SHA1

    ebd2e29d28c53ec8651632699b0825aaf58200d6

  • SHA256

    d5b0cf0e37047d7d48fd6be5db6f1b3212f8978fc1e3b80d7979802634252a19

  • SHA512

    415bc29b84038efee32c1f4bd2a2e39afa6ee9cc194165026e5b7a0fe7000ff31f5b4f09ab60793ad5ee09035b4643dc782180fead52f0b0ff352a8fd503080d

  • SSDEEP

    3072:aa1FZNQtyJEHhpmBwBnflLM1liPUypfy/3M:ak+tyJwpmBEnRM+Lpfy

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      d5b0cf0e37047d7d48fd6be5db6f1b3212f8978fc1e3b80d7979802634252a19


    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
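The extracted config and the hash block above are the parts of this report a responder actually consumes. The following is an added example (not code from the sandbox report or from the SmokeLoader family write-up) that turns them into a small IOC check: it normalises the two C2 URLs to hostnames, scans log lines for references to them, and verifies candidate file digests against the report's MD5/SHA1/SHA256. The C2 URLs and hash values are copied verbatim from this page; the log lines, the inventory bytes and all function names are constructed here for illustration.

```python
"""IOC matching for the SmokeLoader report above.

Added example, not part of the sandbox report. C2 URLs and file hashes are
copied from the report; the log lines and file contents below are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# IOCs taken from the report's extracted config and hash fields.
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]
SAMPLE_HASHES = {
    "md5": "7d1f3735886737b0f12726707e16db52",
    "sha1": "ebd2e29d28c53ec8651632699b0825aaf58200d6",
    "sha256": "d5b0cf0e37047d7d48fd6be5db6f1b3212f8978fc1e3b80d7979802634252a19",
}


def c2_hosts(urls):
    """Normalise C2 URLs to lowercase hostnames.

    Only the host is used: SmokeLoader C2 paths are empty or variable, so
    matching on the full URL would miss DNS and proxy records."""
    return {urlparse(u).hostname.lower() for u in urls}


# Hostname-looking tokens: letters/digits/hyphens/dots ending in a TLD.
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)


def match_log_lines(lines, hosts):
    """Return (line_no, host) for each log line that references a C2 host.

    Works on DNS, proxy and HTTP-host style lines because it matches
    hostname tokens, case-insensitively, rather than a fixed field."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in HOST_RE.findall(line):
            if tok.lower() in hosts:
                hits.append((n, tok.lower()))
                break
    return hits


def hash_file_bytes(data):
    """Compute the three digests the report publishes for a blob of bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(digests, known=SAMPLE_HASHES):
    """True when every digest present in `digests` agrees with the report.

    An empty or unrelated digest set is not a match. SHA256 alone is enough;
    MD5/SHA1 are kept because many feeds and EDR exports carry only those."""
    common = set(digests) & set(known)
    return bool(common) and all(digests[k].lower() == known[k] for k in common)


# Constructed sample logs (not from the report): two C2 hits on 10.0.0.23,
# one benign lookup, and an upper-cased C2 hit from a second host.
SAMPLE_LOGS = [
    "2023-09-17T14:02:11Z dns query host-file-host6.com A from 10.0.0.23",
    "2023-09-17T14:02:12Z proxy GET http://host-host-file8.com/ 10.0.0.23 200",
    "2023-09-17T14:03:00Z dns query update.example.org A from 10.0.0.23",
    "2023-09-17T14:05:09Z dns query HOST-FILE-HOST6.COM A from 10.0.0.42",
]

if __name__ == "__main__":
    hosts = c2_hosts(C2_URLS)
    for line_no, host in match_log_lines(SAMPLE_LOGS, hosts):
        print(f"line {line_no}: C2 contact with {host}")
    # A constructed, unrelated file: must not match the sample's digests.
    print("unrelated file matches report:", matches_sample(hash_file_bytes(b"not the sample")))
```

Hostname matching is deliberately loose so that the same set of C2 indicators can be applied to DNS, proxy and endpoint logs; tighten `HOST_RE` or match on a parsed field once the log format is known. Hash comparison is lowercased on the candidate side because exports from different tools disagree on case.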

MITRE ATT&CK Enterprise v15
