General

  • Target

    55627a75c4cdc87a913050d1051c57c9d3ceb0aad3e6453a46ad17c9beaa5ef6

  • Size

    212KB

  • Sample

    230922-p78xfaaa55

  • MD5

    c2aeb963ab864bb2e5790346c6db79c6

  • SHA1

    989535bffba9966444865ab5294106b7e2e168da

  • SHA256

    55627a75c4cdc87a913050d1051c57c9d3ceb0aad3e6453a46ad17c9beaa5ef6

  • SHA512

    cc34e04e64a8325007ad55ec620d85959863e8584bab6511d52f7c99f5e548804d22a4c13aab5cf8da4b6524e4e755a6419277abe28ae38f653d372183876a64

  • SSDEEP

    3072:7XJWWgsnSimE4WAOTMahDGh0d8ig8s1J951KOm4wz:TEWjS8OOTMahDGh0d8ig8UFKy

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks