General

  • Target

    0aa0146c720c3018a04e4cbeb1a2da2f5609dc8de9ecd8657c94faea5ef06fe2

  • Size

    293KB

  • Sample

    230921-wp6spahf9z

  • MD5

    24f75de0b3732abb0cbec8db81b453f8

  • SHA1

    ceb92e17967e18352d67b47ca6b4c1c5b9d80218

  • SHA256

    0aa0146c720c3018a04e4cbeb1a2da2f5609dc8de9ecd8657c94faea5ef06fe2

  • SHA512

    7524c41886f4a81b5d4ac513ca7dba935614442bc5398b11fda17436c682fd570af04895801ba6decae28d0bf3c07aac0ed17040ccc683731216c7b86a346e48

  • SSDEEP

    3072:zpMX3pzSo/iplyxkZB7i1aPgqHmqOB1pM/1wm9Sd5qL6uBVULZL1Dgg85ve:FI3ZSLCxQpPgDsaSaqWOVULZSg8F

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: pub1

  • Extracted

    Family: smokeloader
    Version: 2020
    C2:
      http://host-file-host6.com/
      http://host-host-file8.com/


Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks