General

  • Target

    45c00fc07a9ef6a19af5ea63a9c57fa3fc36107c112a691ad3be23ee752f50d9

  • Size

    292KB

  • Sample

    230921-jpdexsee9y

  • MD5

    5b0ed9443e0a5a0bf5cae25ad771a70a

  • SHA1

    72a57c67b9b76794fd0fd5c250d529ae7193b7e8

  • SHA256

    45c00fc07a9ef6a19af5ea63a9c57fa3fc36107c112a691ad3be23ee752f50d9

  • SHA512

    6d8570e78e60ee3f577a0f5953c693c8e1ab24fd44b155d636dee6e0fd6bb7ea0bf3f0db8b3760299ca1eca9e10dc73eb6b80070b4d58a62078172a0a3591210

  • SSDEEP

    6144:KuK6r+l5pPzTg6Mu1e/+vUQ9dDatc/upg83:KuKy+zp/M0vRna368

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks