General

  • Target

    b0e9707acba8773deeb0b8b6b80a0c298f4181e68a9020c11007877771eb4cfd

  • Size

    306KB

  • Sample

    230924-vs8k1sgf2y

  • MD5

    3f0ae4850b60c9102f7e0a7bd121685a

  • SHA1

    aaac9902486d3bac425b90175850016204c973b0

  • SHA256

    b0e9707acba8773deeb0b8b6b80a0c298f4181e68a9020c11007877771eb4cfd

  • SHA512

    05da3ce38111faf024e56a5ddd9b8b9a127cf64077a6874a2400c102c2759270b57e9ced4a9376b90755a0bb0d080199cf9fd9eac422a35ff6151403c5e8e2f5

  • SSDEEP

    3072:FuUXR0YRBaII2mNWmZK8SQxBQHhcF7A9n5GvZ84xty7XyuJqh+:AUh0GBaII2fQxBQB87KnmZpxty+

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks