General

  • Target: 83a59f9830a5fbd1ba5d8bca59562ed6c482240b5c8cb627a46654258046be05

  • Size: 294KB

  • Sample: 230921-sx5ntaba47

  • MD5: 507ed0682b66f911a17e2d8295648112

  • SHA1: 7f22a7470e048d6b8539334c547e3e41e7356de2

  • SHA256: 83a59f9830a5fbd1ba5d8bca59562ed6c482240b5c8cb627a46654258046be05

  • SHA512: 17899580f150bc613fde057806c20c7306533538f813017bee1f11a47c11504d2d3285f6937532da4e1fd0a1561258d2fc62fafcf72028d7af9b1d5fa52b4305

  • SSDEEP: 6144:9kUgZS/+JW86mWhkln7ObrnefgSIM0g8s:9kUgImJW8znsUJr8

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target: 83a59f9830a5fbd1ba5d8bca59562ed6c482240b5c8cb627a46654258046be05

    • Size: 294KB

    • MD5: 507ed0682b66f911a17e2d8295648112

    • SHA1: 7f22a7470e048d6b8539334c547e3e41e7356de2

    • SHA256: 83a59f9830a5fbd1ba5d8bca59562ed6c482240b5c8cb627a46654258046be05

    • SHA512: 17899580f150bc613fde057806c20c7306533538f813017bee1f11a47c11504d2d3285f6937532da4e1fd0a1561258d2fc62fafcf72028d7af9b1d5fa52b4305

    • SSDEEP: 6144:9kUgZS/+JW86mWhkln7ObrnefgSIM0g8s:9kUgImJW8znsUJr8

    • SmokeLoader: Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks