General

  • Target

    82a134920474a148dffde34ac05d858980f8e2b702c9195e961b0446dbf3eb08

  • Size

    186KB

  • Sample

    230922-tdcpcsha9y

  • MD5

    c1f257065788ec87d854c19262f60e2d

  • SHA1

    d6f451114cc0a397b8e4ec8fa656ea167f1ed42d

  • SHA256

    82a134920474a148dffde34ac05d858980f8e2b702c9195e961b0446dbf3eb08

  • SHA512

    6557a074a6e646d11b0dcb0d438ff2b819f32c47e9a0d761dcdbe973c8235702221a5b384a7b5a1c75c97f974ba51dab58d9216a3c779cc7ead436b79b8f6343

  • SSDEEP

    3072:mr0mAdMFyW1OA71gAeS+u2QkPK0OPCHIIpvd51QnNtz:mxAdMFyW1ORAeS+ZQkfwOIKdQ

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks