General

  • Target

    e52dd9c3f4a93bb109e3d72602d7000f02c83a230fa392b0e3ae1ac039a58b89

  • Size

    310KB

  • Sample

    230923-vqdb4aah23

  • MD5

    9201a6faa902397373c885d6d69ece9e

  • SHA1

    7ca9268955de314da0e5d154afca5d27403073a7

  • SHA256

    e52dd9c3f4a93bb109e3d72602d7000f02c83a230fa392b0e3ae1ac039a58b89

  • SHA512

    0a4952173c000338444f5df32b64369f724d3040ede8c6dd32265eaed88ced0e951596a201fcb404f5ca4f7857ad4673f803c346adff19fcd025e7b374b3961a

  • SSDEEP

    6144:yuX2qVTqEhFrY/m+FFMaYMhCTI6NRPTh8XI/:nVTq+VY/moDYMsTvR7aQ

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks