General

  • Target

    8da313e45a206fec25907770fe737aa1a5dea1d5cd934924758401930a8c147f

  • Size

    270KB

  • Sample

    230925-fpljracc9y

  • MD5

    6f9135d57f8cb09750b0386e2c59fc8c

  • SHA1

    f46760bc663baf2608f141251f743264b935978a

  • SHA256

    8da313e45a206fec25907770fe737aa1a5dea1d5cd934924758401930a8c147f

  • SHA512

    d7c26a7f8c944d03c80fe4415d1d6444de9d7e5be0ffd494026741535bb396aa9524c06a86b6103877b151f9219de23d9377a6ec07171b1708f6b4ae5f432733

  • SSDEEP

    6144:iR+hrJ+j+5j68KsT6h/OCy5U9uAOVAXpwltBn3qw6:iRIN+j+5+RsqGGuoKuw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Targets

    • Detected google phishing page

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks