General

  • Target

    df3587df28c7aa800ae74a223d93da76f3930c2fd2b2c72282956ba5b373d143

  • Size

    270KB

  • Sample

    230925-c1zc7sbe7z

  • MD5

    008e9e63914adcb60ef940ec1fe4a242

  • SHA1

    25781c1fe16a8bfb44998c328be790ff05f73337

  • SHA256

    df3587df28c7aa800ae74a223d93da76f3930c2fd2b2c72282956ba5b373d143

  • SHA512

    78832c487a6c7130737380ed7c03a769111b3c33dbb0959fe9c819ef859bfb473e9104bf782138535c6d98c2f248e40f62762e562b1bedac7a6f29916fbf791b

  • SSDEEP

    6144:6RhhrJ+j+5j68KsT6h/OCy5U9uAOpASsWqw6:6RXN+j+5+RsqGGuY/w6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32
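
The two rc4.i32 entries above are the RC4 keys the config extractor pulled from the sample; their values are not shown on this page. As an added example (not code from the sandbox, the report, or SmokeLoader itself), the script below shows what an "i32" RC4 key means in practice: a 4-byte key, serialised in one of two byte orders, driving plain RC4 over an embedded C2 string. The assumption is that SmokeLoader's 2022 build stores its C2 URLs RC4-encrypted with such 32-bit keys; the key constant and the ciphertext are constructed for the demo, and the C2 URL is the one from the extracted config.

```python
"""RC4 round-trip for a 32-bit (i32) key, as an illustration of the rc4.i32 config field.

Added example, not code from the report or from the malware. DEMO_KEY_I32 is a
constructed value, NOT the sample's real key (which this page does not list).
"""
import struct

C2_URL = "http://77.91.68.29/fks/"   # C2 as listed in the extracted config above
DEMO_KEY_I32 = 0x1F2E3D4C            # constructed demo key (assumption: real keys are 4 bytes)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def i32_key_to_bytes(key: int, little_endian: bool = True) -> bytes:
    """Serialise a 32-bit key as the 4 key bytes RC4 consumes.

    Which byte order the extractor reports is an assumption; when a decrypt
    yields garbage, the other order is the first thing to try."""
    return struct.pack("<I" if little_endian else ">I", key & 0xFFFFFFFF)


def encrypt_c2(url: str, key_i32: int) -> bytes:
    """Produce a demo ciphertext of the kind a config extractor would find in the binary."""
    return rc4(i32_key_to_bytes(key_i32), url.encode())


def decrypt_c2(blob: bytes, key_i32: int) -> str:
    return rc4(i32_key_to_bytes(key_i32), blob).decode("utf-8", errors="replace")


def looks_like_url(s: str) -> bool:
    """Cheap plausibility check used when deciding which key byte order was right."""
    return s.startswith(("http://", "https://")) and s.isprintable()


def recover_c2(blob: bytes, key_i32: int):
    """Try both byte orders of the i32 key; return (url, byte_order) for the first
    decrypt that looks like a URL, or (None, None) if neither does."""
    for little_endian in (True, False):
        cand = rc4(i32_key_to_bytes(key_i32, little_endian), blob).decode("utf-8", errors="replace")
        if looks_like_url(cand):
            return cand, ("little" if little_endian else "big")
    return None, None


if __name__ == "__main__":
    blob = encrypt_c2(C2_URL, DEMO_KEY_I32)
    print("encrypted:", blob.hex())
    print("recovered:", recover_c2(blob, DEMO_KEY_I32))
```

The plausibility check matters more than it looks: RC4 with the wrong key order still "decrypts" to bytes of the right length, so an extractor that does not validate the output will happily report garbage as a C2.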

Targets

    • Target

      df3587df28c7aa800ae74a223d93da76f3930c2fd2b2c72282956ba5b373d143

    • Size

      270KB

    • MD5

      008e9e63914adcb60ef940ec1fe4a242

    • SHA1

      25781c1fe16a8bfb44998c328be790ff05f73337

    • SHA256

      df3587df28c7aa800ae74a223d93da76f3930c2fd2b2c72282956ba5b373d143

    • SHA512

      78832c487a6c7130737380ed7c03a769111b3c33dbb0959fe9c819ef859bfb473e9104bf782138535c6d98c2f248e40f62762e562b1bedac7a6f29916fbf791b

    • SSDEEP

      6144:6RhhrJ+j+5j68KsT6h/OCy5U9uAOpASsWqw6:6RXN+j+5+RsqGGuY/w6

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the loader can abort or change behaviour on certain locales).

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is the step in process hollowing and similar injection that redirects a suspended thread to injected code; legitimate software outside debuggers rarely does this.
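
As an added example (not code from the sandbox or the report), the script below implements detection logic for the last two signatures above and runs it over a constructed API-call trace. The trace lines are made up to resemble a per-call log (pid, API name, key=value arguments); the real trace for this sample is not on this page. Two assumptions are built in: "Checks computer location settings" is taken to key on a read of the Nation value under Control Panel\International\Geo, and "Suspicious use of SetThreadContext" is only raised when the call follows a CREATE_SUSPENDED process creation and a WriteProcessMemory into that same child, which is the hollowing sequence. A SetThreadContext on a child that was never suspended or written to is deliberately not flagged.

```python
"""Detection logic for two report signatures, run over a constructed API trace.

Added example; not the sandbox's own rules. TRACE is constructed sample input.
Assumptions: the geofence signature keys on HKCU\\Control Panel\\International\\Geo
value Nation; the SetThreadContext signature is escalated only inside the
suspended-create -> write -> set-context hollowing sequence.
"""
import re

CREATE_SUSPENDED = 0x00000004  # documented CreateProcess creation flag

TRACE = """\
pid=1204 api=CreateProcessW image=C:\\Windows\\explorer.exe flags=0x00000004 child_pid=2240
pid=1204 api=NtUnmapViewOfSection target_pid=2240
pid=1204 api=WriteProcessMemory target_pid=2240 size=0x4a000
pid=1204 api=SetThreadContext target_pid=2240 tid=2244
pid=1204 api=NtResumeThread target_pid=2240 tid=2244
pid=2240 api=RegOpenKeyExW key=HKCU\\Control Panel\\International\\Geo
pid=2240 api=RegQueryValueExW key=HKCU\\Control Panel\\International\\Geo value=Nation
pid=3100 api=CreateProcessW image=C:\\Windows\\notepad.exe flags=0x00000000 child_pid=3180
pid=3100 api=SetThreadContext target_pid=3180 tid=3184
"""

GEO_KEY_RE = re.compile(r"\\International\\Geo$", re.IGNORECASE)


def parse_line(line: str) -> dict:
    """Split 'k=v k=v' fields; values may contain spaces (e.g. 'Control Panel'),
    so split only on whitespace that is followed by another 'name=' token."""
    fields = {}
    for tok in re.split(r"\s+(?=\w+=)", line.strip()):
        k, _, v = tok.partition("=")
        fields[k] = v
    return fields


def parse_trace(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_geofence_lookup(events: list) -> list:
    """PIDs that read the Nation value under ...\\International\\Geo."""
    hits = []
    for ev in events:
        if (ev.get("api", "").startswith("RegQueryValueEx")
                and GEO_KEY_RE.search(ev.get("key", ""))
                and ev.get("value", "").lower() == "nation"):
            hits.append(int(ev["pid"]))
    return hits


def detect_hollowing(events: list) -> list:
    """(parent_pid, child_pid) pairs where the parent created the child suspended,
    wrote into it, and then rewrote one of its thread contexts, in that order.
    The later ResumeThread is what lets the injected code run, but the signature
    fires at SetThreadContext, as the report's does."""
    state = {}  # child_pid -> [parent_pid, stage]
    hits = []
    for ev in events:
        api = ev.get("api", "")
        pid = int(ev["pid"])
        if api.startswith("CreateProcess"):
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                state[int(ev["child_pid"])] = [pid, "suspended"]
        elif api == "WriteProcessMemory":
            s = state.get(int(ev.get("target_pid", -1)))
            if s and s[0] == pid and s[1] == "suspended":
                s[1] = "written"
        elif api == "SetThreadContext":
            child = int(ev.get("target_pid", -1))
            s = state.get(child)
            if s and s[0] == pid and s[1] == "written":
                s[1] = "context_set"
                hits.append((pid, child))
    return hits


def run_signatures(trace_text: str) -> dict:
    events = parse_trace(trace_text)
    return {
        "Checks computer location settings": detect_geofence_lookup(events),
        "Suspicious use of SetThreadContext": detect_hollowing(events),
    }


if __name__ == "__main__":
    for name, hits in run_signatures(TRACE).items():
        print(f"{name}: {hits}")
```

Ordering is the whole point of the second detector: SetThreadContext on its own is too noisy to alert on, but SetThreadContext into a child that the same parent created suspended and already wrote to is the hollowing pattern and is worth a high-severity hit.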

MITRE ATT&CK Enterprise v15

Tasks