General

  • Target

    0ffab407dd3ebd93f007e24f439bbda8c8b68d50b5ba6537213608608c6f8d61exe_JC.exe

  • Size

    272KB

  • Sample

    231012-2b89jsfc99

  • MD5

    a2b789e166d74ec2865e7a1c70233ef3

  • SHA1

    d2c57c662861fb847c08045044b30473e7d0f334

  • SHA256

    0ffab407dd3ebd93f007e24f439bbda8c8b68d50b5ba6537213608608c6f8d61

  • SHA512

    b721b0aa220f9d85bb9ed7dc122a3e8c38a1c0e40ae8fc3a8dcc3534893ee03947777609a4e9cafff18998b79fb89916bf2a624f47749c41b40061a5ff370183

  • SSDEEP

    3072:bPNnEMUvutnGAL60p4XKJBjL0GIMzEGjw2hqNJ:bNAvutnGAL60WXuB/uepg

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32
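The two C2 URLs above are the actionable network IOCs in this config. The following is an added example (not part of the sandbox report and not the sandbox's own tooling) that normalises them to hostnames and matches them against proxy log lines; the log format and every log line are constructed for illustration and are not real traffic. It matches on exact host or subdomain, not substring, so a look-alike domain that merely contains the C2 name is not reported.

```python
"""Turn the extracted SmokeLoader C2 URLs into hostname IOCs and match them
against proxy log lines. Added example; not the report's own tooling."""
from urllib.parse import urlparse

# C2 URLs exactly as extracted on the report page.
C2_URLS = [
    "http://host-file-host6.com/",
    "http://host-host-file8.com/",
]


def c2_hosts(urls):
    """Normalise C2 URLs to lowercase hostnames (scheme, port, path stripped)."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def host_matches(host, iocs):
    """True if host equals an IOC or is a subdomain of one.

    Deliberately not a substring test: 'host-file-host6.com.evil.test'
    must not match 'host-file-host6.com'.
    """
    host = host.lower().rstrip(".")
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return True
    return False


# Constructed proxy log lines (assumed format: ts client method url status).
# These are illustrative only, not traffic from the analysed sample.
SAMPLE_LOG = """\
1697000001.123 10.0.0.5 GET http://host-file-host6.com/ 200
1697000002.456 10.0.0.5 POST http://cdn.host-host-file8.com/upload 200
1697000003.789 10.0.0.7 GET http://example.com/ 200
1697000004.012 10.0.0.5 GET http://host-file-host6.com.evil.test/ 200
"""


def find_c2_hits(log_text, iocs):
    """Return (client, host) pairs for log lines whose URL host hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash
        host = urlparse(parts[3]).hostname
        if host and host_matches(host, iocs):
            hits.append((parts[1], host))
    return hits


if __name__ == "__main__":
    for client, host in find_c2_hits(SAMPLE_LOG, c2_hosts(C2_URLS)):
        print(f"C2 contact: client={client} host={host}")
```

Expected hits are the first two lines only: the exact C2 host and a subdomain of the second C2 host. The fourth line is a decoy whose host merely begins with a C2 name and is correctly ignored.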

Targets

    • Target

      0ffab407dd3ebd93f007e24f439bbda8c8b68d50b5ba6537213608608c6f8d61exe_JC.exe

    • Size

      272KB

    • MD5

      a2b789e166d74ec2865e7a1c70233ef3

    • SHA1

      d2c57c662861fb847c08045044b30473e7d0f334

    • SHA256

      0ffab407dd3ebd93f007e24f439bbda8c8b68d50b5ba6537213608608c6f8d61

    • SHA512

      b721b0aa220f9d85bb9ed7dc122a3e8c38a1c0e40ae8fc3a8dcc3534893ee03947777609a4e9cafff18998b79fb89916bf2a624f47749c41b40061a5ff370183

    • SSDEEP

      3072:bPNnEMUvutnGAL60p4XKJBjL0GIMzEGjw2hqNJ:bNAvutnGAL60WXuB/uepg

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext
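"Suspicious use of SetThreadContext" is a generic sandbox signature: on its own the API is legitimate (debuggers use it), so what makes it suspicious is the surrounding sequence, typically a child created suspended, written to, given a new thread context and then resumed. The block below is an added example of that sequence heuristic over a per-process API trace; it is not the sandbox's detection logic, and the trace format and every trace line are constructed for illustration, not taken from this sample's run.

```python
"""Flag a process-hollowing style injection sequence in an API trace:
a child created suspended, written to, SetThreadContext applied, then
resumed, all by the same parent. Added example, not the sandbox's logic."""

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed trace lines, assumed format "pid|api|key=value,...".
# Illustrative only; not events recorded from the analysed sample.
SAMPLE_TRACE = """\
1234|CreateProcessW|image=C:\\Windows\\explorer.exe,flags=0x4,child_pid=5678
1234|WriteProcessMemory|pid=5678,size=266240
1234|SetThreadContext|pid=5678,tid=9999
1234|ResumeThread|pid=5678,tid=9999
2222|CreateProcessW|image=C:\\Windows\\notepad.exe,flags=0x0,child_pid=3333
2222|ResumeThread|pid=3333,tid=4444
"""


def parse_trace(text):
    """Parse trace lines into (pid, api, args) tuples."""
    events = []
    for line in text.splitlines():
        pid, api, argstr = line.split("|", 2)
        args = dict(kv.split("=", 1) for kv in argstr.split(","))
        events.append((int(pid), api, args))
    return events


def find_hollowing(events):
    """Return child PIDs that went through the full suspended-create,
    write, SetThreadContext, resume sequence under one parent.

    A lone SetThreadContext (e.g. a debugger) does not produce a hit;
    a suspended child that is resumed without a write or context change
    does not either.
    """
    suspended = {}   # child pid -> parent pid that created it suspended
    written = set()  # child pids the parent wrote into
    ctx_set = set()  # child pids whose thread context the parent rewrote
    hits = []
    for pid, api, a in events:
        if api == "CreateProcessW":
            flags = int(a.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended[int(a["child_pid"])] = pid
        elif api == "WriteProcessMemory":
            target = int(a["pid"])
            if suspended.get(target) == pid:
                written.add(target)
        elif api == "SetThreadContext":
            target = int(a["pid"])
            if suspended.get(target) == pid:
                ctx_set.add(target)
        elif api == "ResumeThread":
            target = int(a["pid"])
            if target in written and target in ctx_set and suspended.get(target) == pid:
                hits.append(target)
    return hits


if __name__ == "__main__":
    for child in find_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"hollowing-style injection into pid {child}")
```

In the constructed trace, pid 1234 triggers on child 5678; pid 2222 creates notepad without CREATE_SUSPENDED and never writes or sets a context, so it is not reported. Requiring all four steps from the same parent is what keeps the heuristic from firing on ordinary process creation or on a debugger attaching to a process it did not spawn.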

MITRE ATT&CK Enterprise v15

Tasks