General

  • Target

    6e8da5193f8bfbcca705040a9a72acf70dd3d9ea9b2271328acbb3336691cb6d

  • Size

    202KB

  • Sample

    230921-adj9nadd34

  • MD5

    1d4bd34623dcd0aef5c3959de6dba1dc

  • SHA1

    4cae026daa7484827475535c74d6105c773541fd

  • SHA256

    6e8da5193f8bfbcca705040a9a72acf70dd3d9ea9b2271328acbb3336691cb6d

  • SHA512

    40a0eb91ed5f105f0a344b603bd26d8b55956d2c743e4b82b90f06176a8ece687cd207c928dde038647d00e6fcc1dfcba6440f2c39df385f5e1af44fb16e2dcc

  • SSDEEP

    3072:ruXWkTubzv8Ic5oCohKyuIg6mb4GuyxmuSV9D5uGMPe2:qBT+YfkMyTi05VW9

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      6e8da5193f8bfbcca705040a9a72acf70dd3d9ea9b2271328acbb3336691cb6d

    • Size

      202KB

    • MD5

      1d4bd34623dcd0aef5c3959de6dba1dc

    • SHA1

      4cae026daa7484827475535c74d6105c773541fd

    • SHA256

      6e8da5193f8bfbcca705040a9a72acf70dd3d9ea9b2271328acbb3336691cb6d

    • SHA512

      40a0eb91ed5f105f0a344b603bd26d8b55956d2c743e4b82b90f06176a8ece687cd207c928dde038647d00e6fcc1dfcba6440f2c39df385f5e1af44fb16e2dcc

    • SSDEEP

      3072:ruXWkTubzv8Ic5oCohKyuIg6mb4GuyxmuSV9D5uGMPe2:qBT+YfkMyTi05VW9

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks