General

  • Target

    a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642

  • Size

    219KB

  • Sample

    230930-vjbvpaeb4x

  • MD5

    2629289c44d3d529f3b0e24847e6b3be

  • SHA1

    3b663d337eb0371dad82cecd74719f48b9f9edec

  • SHA256

    a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642

  • SHA512

    76ff1f5567490ec31db1813909f1160f0b1a2896a0f7a4651d6b0a90681ba74a7645759611a4c9c02f320d2bab7cd864c1ffb540c48bf2127087f46b908259f2

  • SSDEEP

    3072:Ab+yxRTPcC9KQ/6XZe4nOLv5G9mHRSrU5B55/2aIYJ:AjcC97g84iR/x++Z2aI

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

    1  0x33f8f0d2
    1  0xaa0488bb

Targets

    • Target

      a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642

    • Size

      219KB

    • MD5

      2629289c44d3d529f3b0e24847e6b3be

    • SHA1

      3b663d337eb0371dad82cecd74719f48b9f9edec

    • SHA256

      a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642

    • SHA512

      76ff1f5567490ec31db1813909f1160f0b1a2896a0f7a4651d6b0a90681ba74a7645759611a4c9c02f320d2bab7cd864c1ffb540c48bf2127087f46b908259f2

    • SSDEEP

      3072:Ab+yxRTPcC9KQ/6XZe4nOLv5G9mHRSrU5B55/2aIYJ:AjcC97g84iR/x++Z2aI

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks