General

  • Target

    c4dbc6a039cd453d8bc3b0436465199ed2c5a16237b986819834e1550bf800f7

  • Size

    270KB

  • Sample

    230925-ct3r2sda27

  • MD5

    1e0ad95d868fbec3bae95b6d392314c5

  • SHA1

    66015b0f4e0f5b59fac1139739e3712dba0c46c0

  • SHA256

    c4dbc6a039cd453d8bc3b0436465199ed2c5a16237b986819834e1550bf800f7

  • SHA512

    ab8172c31fac69b384b040dfb093193eea78c499575143d13660e0420acf14d87b1d6a57c2f2c40af5885a1f4e42aa55faa304ded4a2020218a0a9e26daf3d33

  • SSDEEP

    6144:uR+hrJ+j+5j68KsT6h/OCy5U9uAO9AZ/8qw6:uRIN+j+5+RsqGGuol9w6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Target

      c4dbc6a039cd453d8bc3b0436465199ed2c5a16237b986819834e1550bf800f7

    • Size

      270KB

    • MD5

      1e0ad95d868fbec3bae95b6d392314c5

    • SHA1

      66015b0f4e0f5b59fac1139739e3712dba0c46c0

    • SHA256

      c4dbc6a039cd453d8bc3b0436465199ed2c5a16237b986819834e1550bf800f7

    • SHA512

      ab8172c31fac69b384b040dfb093193eea78c499575143d13660e0420acf14d87b1d6a57c2f2c40af5885a1f4e42aa55faa304ded4a2020218a0a9e26daf3d33

    • SSDEEP

      6144:uR+hrJ+j+5j68KsT6h/OCy5U9uAO9AZ/8qw6:uRIN+j+5+RsqGGuol9w6

    • Detected Google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks