General

  • Target

    77dc26ba88c0fbec254049a50ce107c5137d83f51c32c1cad659bac1b906a219

  • Size

    270KB

  • Sample

    230925-b9tnmscg37

  • MD5

    021b4ba2e1001d0741145ea8bda5a51b

  • SHA1

    17fc72a08022c90449a354b136c5a0bc999a7934

  • SHA256

    77dc26ba88c0fbec254049a50ce107c5137d83f51c32c1cad659bac1b906a219

  • SHA512

    9db1e34e68f7e9c7cffa3d9be510b67fb44231d5f6ca4b0b6cee61f56e442e51b0933932ebc4bbe005f7f3ab74b6b07cfff4079de607a9afce272750ff601dad

  • SSDEEP

    6144:dRWhrJ+j+5j68KsT6h/OCy5U9uAOAAkPz1qw6:dRAN+j+5+RsqGGunkPQw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Target

      77dc26ba88c0fbec254049a50ce107c5137d83f51c32c1cad659bac1b906a219

    • Size

      270KB

    • MD5

      021b4ba2e1001d0741145ea8bda5a51b

    • SHA1

      17fc72a08022c90449a354b136c5a0bc999a7934

    • SHA256

      77dc26ba88c0fbec254049a50ce107c5137d83f51c32c1cad659bac1b906a219

    • SHA512

      9db1e34e68f7e9c7cffa3d9be510b67fb44231d5f6ca4b0b6cee61f56e442e51b0933932ebc4bbe005f7f3ab74b6b07cfff4079de607a9afce272750ff601dad

    • SSDEEP

      6144:dRWhrJ+j+5j68KsT6h/OCy5U9uAOAAkPz1qw6:dRAN+j+5+RsqGGunkPQw6

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks