General

  • Target

    f4ee23d07d350c520bb9f1d2348b727bb08b0861c9f887357c427dfa599f661c

  • Size

    270KB

  • Sample

    230925-d8bsjsdd46

  • MD5

    87ab5c8d1c2bc023753cecd4ca253eee

  • SHA1

    ee5add2eb8136a01a4ba4cd4e81ab59bfc8328a9

  • SHA256

    f4ee23d07d350c520bb9f1d2348b727bb08b0861c9f887357c427dfa599f661c

  • SHA512

    c3c7fa45f3ba42c21ab91764a5b4f2663cff6bd0d0dc426d6d857fc969be26d17daeccca87a66024ea8323b7ca1341763308c57f3dda8a813a44c3245eb309ee

  • SSDEEP

    6144:QRIhrJ+j+5j68KsT6h/OCy5U9uAOrAKMr9s/qw6:QRuN+j+5+RsqGGu+/r9xw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks