General

  • Target

    85db7cc9a71b77f93108648513ebe1384ceb2731e70defeca6245541826e41c3

  • Size

    270KB

  • Sample

    230925-fbnf7acc21

  • MD5

    90183adba54cc36c22d041246e9d1bf7

  • SHA1

    d14ed347e4fb29a13f51b99b7b14277ab3d1b025

  • SHA256

    85db7cc9a71b77f93108648513ebe1384ceb2731e70defeca6245541826e41c3

  • SHA512

    82adb76a17f0640172f521d7f8f4b51d360f22f546f2b45d2e7ff004054de1ffb5a327c42f2f9895d08bc2918a4f79df13441358316c7cdad8935d1432664d38

  • SSDEEP

    6144:SRNhrJ+j+5j68KsT6h/OCy5U9uAO9AY5HLrZqw6:SRjN+j+5+RsqGGu8WHLrgw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32
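The hashes in the General section and the C2 URL in this config are the indicators a responder would act on first. The following Python helper is an added example, not part of this sandbox report: it verifies a local copy of the sample against the listed digests and flags proxy log lines that reach the extracted C2 host. The sample bytes (PLACEHOLDER_SAMPLE) and the log lines (SAMPLE_LOG) are constructed stand-ins, so the hash check is expected to fail on them.

```python
"""Triage helpers built from the indicators in the report above.

Added example, not part of the original sandbox report. Assumptions:
  - the sample is available as raw bytes (PLACEHOLDER_SAMPLE is a constructed
    stand-in, so its digests intentionally do not match the report);
  - outbound web traffic is available as "timestamp client method url" log
    lines (SAMPLE_LOG is constructed).
Only the standard library is used.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "90183adba54cc36c22d041246e9d1bf7",
    "sha1": "d14ed347e4fb29a13f51b99b7b14277ab3d1b025",
    "sha256": "85db7cc9a71b77f93108648513ebe1384ceb2731e70defeca6245541826e41c3",
    "sha512": "82adb76a17f0640172f521d7f8f4b51d360f22f546f2b45d2e7ff004054de1ffb5a327c42f2f9895d08bc2918a4f79df13441358316c7cdad8935d1432664d38",
}
# C2 URL from the extracted SmokeLoader config.
C2_URLS = ["http://77.91.68.29/fks/"]

PLACEHOLDER_SAMPLE = b"constructed placeholder, not the analysed binary"

SAMPLE_LOG = [  # constructed proxy log lines
    "2023-09-25T12:00:01Z 10.0.0.15 GET http://www.example.com/index.html",
    "2023-09-25T12:00:07Z 10.0.0.15 POST http://77.91.68.29/fks/",
    "2023-09-25T12:00:09Z 10.0.0.22 POST http://77.91.68.29/other/",
    "2023-09-25T12:00:11Z 10.0.0.15 GET http://177.91.68.29/fks/",
]


def hash_bytes(data: bytes, algs=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Compute the requested digests, hex-encoded, for the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algs}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each digest; a single mismatch means this is not the analysed sample."""
    actual = hash_bytes(data, expected.keys())
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def match_c2_traffic(log_lines, urls=C2_URLS):
    """Return (line number, client, reason) for every request to a C2 host.

    Host and path are matched separately so beacons to the same server with a
    different path still surface; a different host that merely contains the
    IP as a substring (last constructed line) must not match.
    """
    hosts = {urlsplit(u).hostname for u in urls}
    paths = {(urlsplit(u).hostname, urlsplit(u).path) for u in urls}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.hostname in hosts:
            exact = (parts.hostname, parts.path) in paths
            hits.append((n, m["client"], "exact C2 URL" if exact else "C2 host, other path"))
    return hits


if __name__ == "__main__":
    print("hash check:", verify_sample(PLACEHOLDER_SAMPLE))
    for hit in match_c2_traffic(SAMPLE_LOG):
        print("C2 traffic:", hit)
```

Block on the C2 host, not only the exact URL: the path in a SmokeLoader config is one gate on one server, and the same IP serving a different path is still this infrastructure.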

Targets

    • Target

      85db7cc9a71b77f93108648513ebe1384ceb2731e70defeca6245541826e41c3


    • Detected Google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the sample does not run in excluded regions.

    • Suspicious use of SetThreadContext

      Writing a thread context into another process's thread is a common step in process hollowing and thread hijacking.
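To show how the two behavioural signatures above (the location check and the SetThreadContext use) can be re-derived from an API-call trace, here is an added Python example; it is not the sandbox's own signature engine. The trace format and every call in TRACE are constructed, and the registry path is an assumption: Windows stores the user's configured location as a GeoID under HKCU\Control Panel\International\Geo\Nation.

```python
r"""Re-deriving two behavioural signatures from a constructed API-call trace.

Added example; not the sandbox's own signature engine. Assumptions:
  - trace lines have the form "pid api(args) -> ret", one call per line
    (TRACE is constructed);
  - the location check reads the user's GeoID, which Windows stores under
    HKCU\Control Panel\International\Geo\Nation.
"""
import re

TRACE = [
    r'1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo") -> 0x1c8',
    r'1234 RegQueryValueExW(0x1c8, "Nation") -> 0x0',
    r'1234 RegCloseKey(0x1c8) -> 0x0',
    r'1234 CreateProcessW("C:\Windows\explorer.exe", CREATE_SUSPENDED) -> 0x1',
    r'1234 WriteProcessMemory(pid=2210, 0x00400000) -> 0x1',
    r'1234 SetThreadContext(tid=2, pid=2210) -> 0x1',
    r'1234 ResumeThread(tid=2, pid=2210) -> 0x1',
    r'1234 SetThreadContext(tid=1, pid=1234) -> 0x1',
]

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$")
GEO_KEY_SUFFIX = r"international\geo"


def run_signatures(trace):
    """Return (line number, signature name) for each hit.

    Registry handles are tracked per process so that a RegQueryValueExW on a
    bare handle can be tied back to the key path it was opened under.
    """
    handles = {}  # (pid, handle) -> key path from RegOpenKeyExW
    hits = []
    for n, line in enumerate(trace, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, args, ret = m["pid"], m["api"], m["args"], m["ret"]
        if api == "RegOpenKeyExW":
            path = re.search(r'"([^"]*)"', args)
            if path:
                handles[(pid, ret)] = path.group(1)
        elif api == "RegCloseKey":
            handles.pop((pid, args.strip()), None)
        elif api == "RegQueryValueExW":
            q = re.match(r'(\S+),\s*"([^"]*)"', args)
            if q:
                key = handles.get((pid, q.group(1)), "")
                if key.lower().endswith(GEO_KEY_SUFFIX) and q.group(2).lower() == "nation":
                    hits.append((n, "checks_computer_location"))
        elif api == "SetThreadContext":
            # A context written into another process's thread is the hallmark
            # of process hollowing; a process touching its own thread is not flagged.
            target = re.search(r"pid=(\d+)", args)
            if target and target.group(1) != pid:
                hits.append((n, "suspicious_setthreadcontext"))
    return hits


if __name__ == "__main__":
    for hit in run_signatures(TRACE):
        print(hit)
```

The handle tracking matters: a query for a value named "Nation" is only a location check when the handle was opened on the Geo key, and a SetThreadContext is only suspicious when the thread belongs to a different process.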

MITRE ATT&CK Enterprise v15

Tasks