General
-
Target
947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0_JC.exe
-
Size
302KB
-
Sample
231014-axtbnshg65
-
MD5
1a8b0853338c0e0eab5d13746038fae9
-
SHA1
3132faa6943319d0d6a29940698c2fc39fb89062
-
SHA256
947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0
-
SHA512
f2c27edad737d0bc82309bb8fe723fd43fa04a320928ab115fcaba1751a81a6d36ea0ccfd4e5eda6aa520f3afd31047630b6c3eb2387a8d9d4d79ba0c3b99cd4
-
SSDEEP
3072:OOVBnvCNeLj8S+rLFOhgEl1L1JhrEX7CqluMFkaysVq8fnYO8J:vxoeLj8SKLF0j1LXhQLfoq/7R
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://gudintas.at/tmp/
http://pik96.ru/tmp/
http://rosatiauto.com/tmp/
http://kingpirate.ru/tmp/
Targets
-
-
Target
947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0_JC.exe
-
Size
302KB
-
MD5
1a8b0853338c0e0eab5d13746038fae9
-
SHA1
3132faa6943319d0d6a29940698c2fc39fb89062
-
SHA256
947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0
-
SHA512
f2c27edad737d0bc82309bb8fe723fd43fa04a320928ab115fcaba1751a81a6d36ea0ccfd4e5eda6aa520f3afd31047630b6c3eb2387a8d9d4d79ba0c3b99cd4
-
SSDEEP
3072:OOVBnvCNeLj8S+rLFOhgEl1L1JhrEX7CqluMFkaysVq8fnYO8J:vxoeLj8SKLF0j1LXhQLfoq/7R
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Executes dropped EXE
-