General

  • Target

    c76fe7e5cfe5a94cc437f360f815b6f7c7eef063c528503e27e1d27a101f282a

  • Size

    188KB

  • Sample

    230922-zk3f9acc38

  • MD5

    ea676996230ba69c73e6dda4a710d36c

  • SHA1

    f2bdd794d402fe4a0f23161c3d661a6f122311f3

  • SHA256

    c76fe7e5cfe5a94cc437f360f815b6f7c7eef063c528503e27e1d27a101f282a

  • SHA512

    8a459903117ee60b128429d3b73818981a0c6f676e6870e6672d1b81f66949128f11419c9564d3f0796fde8e138a04cfaa99221d4b670db3f610e8aef11b0852

  • SSDEEP

    3072:3H1HnMnZetjjaa0dfxvziBeDey+K7zhhFakRK5VAyL:X1HnMnZE0dfxvziBeDe7K71hFRRG

Malware Config

  • Extracted

      Family

        smokeloader

      Botnet

        pub1

  • Extracted

      Family

        smokeloader

      Version

        2020

      C2

        http://host-file-host6.com/

        http://host-host-file8.com/

      rc4.i32

      rc4.i32

Targets

    • Target

      c76fe7e5cfe5a94cc437f360f815b6f7c7eef063c528503e27e1d27a101f282a

    • Size

      188KB

    • MD5

      ea676996230ba69c73e6dda4a710d36c

    • SHA1

      f2bdd794d402fe4a0f23161c3d661a6f122311f3

    • SHA256

      c76fe7e5cfe5a94cc437f360f815b6f7c7eef063c528503e27e1d27a101f282a

    • SHA512

      8a459903117ee60b128429d3b73818981a0c6f676e6870e6672d1b81f66949128f11419c9564d3f0796fde8e138a04cfaa99221d4b670db3f610e8aef11b0852

    • SSDEEP

      3072:3H1HnMnZetjjaa0dfxvziBeDey+K7zhhFakRK5VAyL:X1HnMnZE0dfxvziBeDe7K71hFRRG

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks