General
Target: f874356ddee152fcdb366283fbb70d86.bin
Size: 524KB
Sample: 231003-dexg6ahg73
MD5: 4cada9f2d3f74ec27ae50fa4a1bd0594
SHA1: 1cc0947a5a8506d17df8b65c304329506a6938b4
SHA256: 3bb1a5ad396e6d2ec3515d022e9fde7fc0072d9ee955bef266103b754904dade
SHA512: f5570441a926fa102d709823d0fbb74bd9e5803f2a54567accbbe305511d4e1e32c68a5f1b7db0bcbf5aaba3713bba458f866daae4369634e323cf2542ff1b36
SSDEEP: 12288:VzNRbGwd3E7slZ93UzCE2b0wXfm631Nd0m+Rb8fsst7bysvw:VzNRnNE7WZ0kpD6N+su1o
Static task: static1
Behavioral task: behavioral1
Sample: ae346575b504f4c6440a8c7f3f3b6d3ca3507679cb851aa1572edac210ff1eef.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: ae346575b504f4c6440a8c7f3f3b6d3ca3507679cb851aa1572edac210ff1eef.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: smokeloader (rlol)
Extracted: smokeloader (2020) with URL list
Targets
Target: ae346575b504f4c6440a8c7f3f3b6d3ca3507679cb851aa1572edac210ff1eef.exe
Size: 744KB
MD5: f874356ddee152fcdb366283fbb70d86
SHA1: bb4e45490cb24ddbf14362144a96fd4eeb3810cd
SHA256: ae346575b504f4c6440a8c7f3f3b6d3ca3507679cb851aa1572edac210ff1eef
SHA512: 8e7d8214ce7fc727ab14c14003d93f841afea2ea026693ae8524629eaf6f11aafe13fec09313f6426cc2583fc5693b2e0c29b53817397caa3cf2b428b25b54a0
SSDEEP: 12288:tUs9rDJBnYwPzIFb4Hkslb58JJToePbRp/D9k5Z7Jjlpqj74F4rN+KvLU/7frwFQ:qs9rN9YwPzIFbDslb50xVdDm5Z1ppqXS
Score: 10/10
- Deletes itself
- Accesses Microsoft Outlook profiles
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext