General

  • Target

    ba618b945e0ffb2709208d3c4bd15960

  • Size

    317KB

  • Sample

    231227-3f6jwsdcf6

  • MD5

    ba618b945e0ffb2709208d3c4bd15960

  • SHA1

    b362a624a30f49f9a306dedba93dc02b1a1153c3

  • SHA256

    52d50c8eb51d3c1cca7baf57353f24943b8c880446ce53ca4e79db8844205503

  • SHA512

    3777665a6c422fc528cd8d1f1d9aa1975abd7ebaee86f3f26191b512558255228a759d5b64dcf7fa0dec1991d174829b18b71bc646ea412b6e63fb695602c06f

  • SSDEEP

    6144:GdumyxikXUcgH1R8GdNGcX7+YAyA5wcs4R:g2ikEX1R8ncLDJhQR

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32
rc4.i32

Targets

    • Target

      ba618b945e0ffb2709208d3c4bd15960

    • Size

      317KB

    • MD5

      ba618b945e0ffb2709208d3c4bd15960

    • SHA1

      b362a624a30f49f9a306dedba93dc02b1a1153c3

    • SHA256

      52d50c8eb51d3c1cca7baf57353f24943b8c880446ce53ca4e79db8844205503

    • SHA512

      3777665a6c422fc528cd8d1f1d9aa1975abd7ebaee86f3f26191b512558255228a759d5b64dcf7fa0dec1991d174829b18b71bc646ea412b6e63fb695602c06f

    • SSDEEP

      6144:GdumyxikXUcgH1R8GdNGcX7+YAyA5wcs4R:g2ikEX1R8ncLDJhQR

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks