General
-
Target
1c0e5446542a67e11bd936b1a3b8e99680445b535cd2de6b72f86fa35a7a235f
-
Size
212KB
-
Sample
230922-pterfaga41
-
MD5
8dc7dabaeaee8c05889b817431a4f77a
-
SHA1
4bd17e75af9b4b797ad7b3ccf885823cfb006ced
-
SHA256
1c0e5446542a67e11bd936b1a3b8e99680445b535cd2de6b72f86fa35a7a235f
-
SHA512
3e543651fac826fae517aed5cca4ca4444e8838fc7dda3adcafbd0c3512c4299ed144ace50bcd5e5fccaad791e7abeae439bafbfa485bb1c03d9910bd3621643
-
SSDEEP
3072:VXyT/bYKlAp8GS5Ep1ek+2pUkMtwi4Uw5F7wqFzYXk:Ro/M0Ap65wl1gfA7VG
Malware Config
Extracted
smokeloader
up4
Extracted
smokeloader
2020
http://host-file-file0.com/
http://file-file-file1.com/
Targets
-
-
Target
1c0e5446542a67e11bd936b1a3b8e99680445b535cd2de6b72f86fa35a7a235f
-
Size
212KB
-
MD5
8dc7dabaeaee8c05889b817431a4f77a
-
SHA1
4bd17e75af9b4b797ad7b3ccf885823cfb006ced
-
SHA256
1c0e5446542a67e11bd936b1a3b8e99680445b535cd2de6b72f86fa35a7a235f
-
SHA512
3e543651fac826fae517aed5cca4ca4444e8838fc7dda3adcafbd0c3512c4299ed144ace50bcd5e5fccaad791e7abeae439bafbfa485bb1c03d9910bd3621643
-
SSDEEP
3072:VXyT/bYKlAp8GS5Ep1ek+2pUkMtwi4Uw5F7wqFzYXk:Ro/M0Ap65wl1gfA7VG
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of SetThreadContext
-