General

  • Target

    558d199065a250fec8c4f1920765de40858fd5d599fbfd47c507a0b2fd2b5bef

  • Size

    270KB

  • Sample

    230925-dvx4mabg7v

  • MD5

    df5bacf7594f193f0ce800ae6b847fd5

  • SHA1

    fa5c581d8a2175730b5df7999c5c0cc6cef5f903

  • SHA256

    558d199065a250fec8c4f1920765de40858fd5d599fbfd47c507a0b2fd2b5bef

  • SHA512

    21fa60e46d69bfafb6ad872dae35942df70ce180023f63bb062efb1a8988c3321db610a23d7b5907ef7167996a0fd2b5ce1def82b6fff465880c3a4278cf83f4

  • SSDEEP

    6144:WRGhrJ+j+5j68KsT6h/OCy5U9uAOpAApPJUAqw6:WRwN+j+5+RsqGGuUwPeJw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks