General

  • Target

    fbf7afb2ded5b12702f92f5c3620486e19b6d3a15b8703d8cf80b8d30a55b691

  • Size

    321KB

  • Sample

    230923-va4jcaha3y

  • MD5

    14b3ae8430e975d51a5452484a3bcfb5

  • SHA1

    4b1e785d83d7b3737c59c4ee81f7ae006792596d

  • SHA256

    fbf7afb2ded5b12702f92f5c3620486e19b6d3a15b8703d8cf80b8d30a55b691

  • SHA512

    7e0ae58ea2b6f5261823930b973e8855dfab7c226484dd03da0a1604a39cc2e05df98624df4cc6dbc533df191af59510a0f2804986cb909f32e62b5d5db71068

  • SSDEEP

    3072:SJHz/qhJ3Xkbm2RfN90YZSOcM3PwFF2SC4K+7LXoUSgfkfLcrtJ4B:oHzSh9XkbjfX0YEm4FvC4K27oUtkD

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/
    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15