General

  • Target: 46298bba7f592537511eaba5ac06078c6db05ae0d3c029741eaff36476321014
  • Size: 289KB
  • Sample: 230921-qrtm9agc5w
  • MD5: 872fd7d815aee85b8fd9f1fe28c03f41
  • SHA1: 0f9c2696f605f0bc90aca7eab6da0c771f985ada
  • SHA256: 46298bba7f592537511eaba5ac06078c6db05ae0d3c029741eaff36476321014
  • SHA512: fe86fca1eb265e44192b24f354d1ac81479ef311086b1c64bd5dcc26ec2be24e9b9c8af5f3a6fe422fba2a5fe8764bedf745be93854d2c38416d73d5d04854dc
  • SSDEEP: 3072:1nXOZTSke6SSn6O5YiIYJ2nE7/THzPsPkLp2zfZqhCnXh6CZg8/ve:NOpSK16O5Yi7eE/IPsp2z6CnXh6Mg8X

Malware Config

Extracted

Family: smokeloader
Botnet: pub1

Extracted

Family: smokeloader
Version: 2020
C2:
http://host-file-host6.com/
http://host-host-file8.com/

rc4.i32
rc4.i32

Targets


    • SmokeLoader: Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks