General

  • Target

    734c300338f40643967931a824822684721d02b80912b7066814a7802eff06af

  • Size

    293KB

  • Sample

    230921-ywcjjacd39

  • MD5

    486ecdc9522e173d5cdef07bf7c22622

  • SHA1

    efe7a2cf5a4271a3f76fd2cab5139ff8d7e9e5f2

  • SHA256

    734c300338f40643967931a824822684721d02b80912b7066814a7802eff06af

  • SHA512

    f2c493fce94e5865315f05b6de3105adf489064ca8081a8bf5487c47d753840e9c90bf5539f2b1b80813f730d70acd3faba7785183482d289e002688572dc0a3

  • SSDEEP

    3072:QaCXPpzS2vD6rhxJpvwgLrFxQTRvM74OjjbIYhg85ve:xCPZS4cxJpvwO/4GjbISg8F

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32
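The file hashes and the two C2 URLs are the actionable indicators in this report. The script below is an added example; it is not part of the original sandbox report or of the sandbox's own tooling. It hashes a candidate file and compares the digests with the ones listed above, and it scans proxy/DNS log lines for the two C2 hosts, comparing whole hostname tokens (case-insensitive, trailing FQDN dot ignored, any port or path) so that look-alike names such as a domain that merely contains the C2 string do not produce false hits. The hashes and URLs are copied from the report; the log lines and the candidate file bytes are constructed for illustration.

```python
"""Offline IOC check for the SmokeLoader sample in this report.

Added example; it is not part of the original sandbox report. The hashes and
C2 URLs below are copied from the report. The log lines and the candidate
file bytes are constructed here for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes from the report (General / Targets sections).
SAMPLE_HASHES = {
    "md5": "486ecdc9522e173d5cdef07bf7c22622",
    "sha1": "efe7a2cf5a4271a3f76fd2cab5139ff8d7e9e5f2",
    "sha256": "734c300338f40643967931a824822684721d02b80912b7066814a7802eff06af",
    "sha512": "f2c493fce94e5865315f05b6de3105adf489064ca8081a8bf5487c47d753840e"
              "9c90bf5539f2b1b80813f730d70acd3faba7785183482d289e002688572dc0a3",
}

# C2 URLs from the extracted config. Matching is done on the host part only,
# so a beacon to a different path, port or scheme on the same host still hits.
C2_URLS = ["http://host-file-host6.com/", "http://host-host-file8.com/"]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(digests: dict) -> bool:
    """True if any supplied digest equals the report's value for that algorithm.

    One matching digest is enough for an exact-file IOC match, since the same
    file yields all four; comparison is case-insensitive on the hex string.
    """
    return any(digests.get(alg, "").lower() == val
               for alg, val in SAMPLE_HASHES.items())


def check_file(path: str) -> bool:
    """Hash a file on disk and compare it against the report's hashes."""
    with open(path, "rb") as f:
        return matches_sample(hash_bytes(f.read()))


# A hostname-shaped token: letters, digits, hyphens and dots. Tokenising this
# way and comparing whole tokens avoids substring false positives such as
# "nothost-file-host6.com".
_HOST_TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def c2_hits(lines) -> list:
    """Return (line_number, host) for every log line naming a C2 host.

    Host comparison is case-insensitive and ignores a trailing dot (FQDN form),
    so DNS and proxy logs written in different styles are both covered.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in _HOST_TOKEN.findall(line):
            host = tok.lower().rstrip(".")
            if host in C2_HOSTS:
                hits.append((n, host))
    return hits


# Constructed proxy/DNS log lines (not from the report).
SAMPLE_LOGS = [
    "2023-09-21T10:14:02Z DNS   10.0.0.5 query host-file-host6.com. A",
    "2023-09-21T10:14:03Z PROXY 10.0.0.5 GET http://host-file-host6.com/ 200",
    "2023-09-21T10:15:11Z PROXY 10.0.0.7 GET http://example.com/update 200",
    "2023-09-21T10:16:40Z PROXY 10.0.0.9 POST http://HOST-HOST-FILE8.COM:8080/gate 404",
    "2023-09-21T10:17:00Z DNS   10.0.0.5 query nothost-file-host6.com A",
]


if __name__ == "__main__":
    # Constructed stand-in for a file under investigation; not the real sample.
    candidate = b"MZ this is not the SmokeLoader sample"
    print("candidate matches report hashes:", matches_sample(hash_bytes(candidate)))
    for line_no, host in c2_hits(SAMPLE_LOGS):
        print(f"C2 contact on line {line_no}: {host}")
```

Run it against real logs by replacing SAMPLE_LOGS with the lines of a proxy or DNS export, and against a quarantined file with check_file(path). Host-level matching is deliberate: SmokeLoader samples of this family rotate paths and may contact the same C2 host over a different port, so pinning the full URL would miss those beacons.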

Targets

    • Target

      734c300338f40643967931a824822684721d02b80912b7066814a7802eff06af

    • Size

      293KB

    • MD5

      486ecdc9522e173d5cdef07bf7c22622

    • SHA1

      efe7a2cf5a4271a3f76fd2cab5139ff8d7e9e5f2

    • SHA256

      734c300338f40643967931a824822684721d02b80912b7066814a7802eff06af

    • SHA512

      f2c493fce94e5865315f05b6de3105adf489064ca8081a8bf5487c47d753840e9c90bf5539f2b1b80813f730d70acd3faba7785183482d289e002688572dc0a3

    • SSDEEP

      3072:QaCXPpzS2vD6rhxJpvwgLrFxQTRvM74OjjbIYhg85ve:xCPZS4cxJpvwO/4GjbISg8F

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks