General

  • Target

    0fedb4404d94b92490ce84f4beba4839f8b035f7d5bbfd5e18d7e491e5c8a5e4

  • Size

    191KB

  • Sample

    231012-em7tjadg2t

  • MD5

    33daeeb132af96590c3f4a4d899fd1e8

  • SHA1

    d31120167586ca35d77b7810eb29ed67f8cfd706

  • SHA256

    0fedb4404d94b92490ce84f4beba4839f8b035f7d5bbfd5e18d7e491e5c8a5e4

  • SHA512

    fbddbd87c43312eeb59aac49429ffc4d7f4e17e1477ea7d39c0584f009aae6b173c8cf11fcdd6d18a1f2feb69167a30e6cdb830bc31fbe86b447f3ec1d6fdb5e

  • SSDEEP

    3072:qyt1xr4e2IP5XuB8UPpaC1hNDohzyHhqDLHcK3m5V7o:qM1xr4e2IhXLUxaC1TDuzyBqPcka7o

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
