General

  • Target

    abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5

  • Size

    270KB

  • Sample

    230925-ffbm7acc5v

  • MD5

    f0a2121f6c9bdb4d1ac232d0c67ee651

  • SHA1

    cd08b3429707389707fbdd4b847777e8898e1b08

  • SHA256

    abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5

  • SHA512

    353bde827ffd0a0ae778849309b26ec1aeeec84ec23ff2a492b649e7334349a82a4e924f8f2d26caebc0d58894387177b72b04a5f35966e4ba492c93ff3f8564

  • SSDEEP

    6144:xRQhrJ+j+5j68KsT6h/OCy5U9uAO0ARJch9qw6:xR2N+j+5+RsqGGu7/bw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Target

      abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5

    • Size

      270KB

    • MD5

      f0a2121f6c9bdb4d1ac232d0c67ee651

    • SHA1

      cd08b3429707389707fbdd4b847777e8898e1b08

    • SHA256

      abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5

    • SHA512

      353bde827ffd0a0ae778849309b26ec1aeeec84ec23ff2a492b649e7334349a82a4e924f8f2d26caebc0d58894387177b72b04a5f35966e4ba492c93ff3f8564

    • SSDEEP

      6144:xRQhrJ+j+5j68KsT6h/OCy5U9uAO0ARJch9qw6:xR2N+j+5+RsqGGu7/bw6

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

      Together with the dropped-EXE execution above, this is consistent with process hollowing: a child is started suspended, its memory is replaced, and SetThreadContext points the main thread at the new entry point before resuming it.

MITRE ATT&CK Enterprise v15

Tasks