General

  • Target

    1b145bb6d2f112f8c2ca4582d36d6ee2e097c445d40c03280bcf6f50fbc55822

  • Size

    305KB

  • Sample

    230924-t3alasge2y

  • MD5

    3afc6d08e6e47bb313c0214fc50c1e4c

  • SHA1

    abadd32c0ac949284b98449454f025f80c7aec02

  • SHA256

    1b145bb6d2f112f8c2ca4582d36d6ee2e097c445d40c03280bcf6f50fbc55822

  • SHA512

    c204acc69b411f77cad3227eafd4c4a097eaa8c5ab471e8272fa2feff41f81906d12ef531585cd2899bd4c036d813628a13afb3e3633683d3583a5710e495426

  • SSDEEP

    6144:Bo8402Ya97tHUnrhMQxkcw21FKc+UJ57Lv:BZTJaNtHUrhM121dpv

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      1b145bb6d2f112f8c2ca4582d36d6ee2e097c445d40c03280bcf6f50fbc55822

    • Size

      305KB

    • MD5

      3afc6d08e6e47bb313c0214fc50c1e4c

    • SHA1

      abadd32c0ac949284b98449454f025f80c7aec02

    • SHA256

      1b145bb6d2f112f8c2ca4582d36d6ee2e097c445d40c03280bcf6f50fbc55822

    • SHA512

      c204acc69b411f77cad3227eafd4c4a097eaa8c5ab471e8272fa2feff41f81906d12ef531585cd2899bd4c036d813628a13afb3e3633683d3583a5710e495426

    • SSDEEP

      6144:Bo8402Ya97tHUnrhMQxkcw21FKc+UJ57Lv:BZTJaNtHUrhM121dpv

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks