General
-
Target
051b8fe31a4832078eb31d3b45228ddd
-
Size
178KB
-
Sample
231229-1ytxpsddd6
-
MD5
051b8fe31a4832078eb31d3b45228ddd
-
SHA1
d3e4eee251493d835ce57d093c2542a902daea04
-
SHA256
70b6e46b2d70a18bec9d70a986602c0d67fc0c4400290559e733c2f1c87fa64b
-
SHA512
950c112584f24c3c28938d54a2436dfb86aea352b7f075190f99e70482dd8bcf3017e6ecdf3453dc1fcff90f3e2bffdea14e01d9af2274530633530ab3b46672
-
SSDEEP
3072:5WdXlH1d/+brNwMKIGS1pQLLqzcyxzaRTVetumCvIWArywoOLi6:5AVduNDKIGuqLL4cy10VQSRwoOL
Malware Config
Extracted
smokeloader
0408
Extracted
smokeloader
2020
http://readinglistforjuly1.xyz/
http://readinglistforjuly2.xyz/
http://readinglistforjuly3.xyz/
http://readinglistforjuly4.xyz/
http://readinglistforjuly5.xyz/
http://readinglistforjuly6.xyz/
http://readinglistforjuly7.xyz/
http://readinglistforjuly8.xyz/
http://readinglistforjuly9.xyz/
http://readinglistforjuly10.xyz/
http://readinglistforjuly1.site/
http://readinglistforjuly2.site/
http://readinglistforjuly3.site/
http://readinglistforjuly4.site/
http://readinglistforjuly5.site/
http://readinglistforjuly6.site/
http://readinglistforjuly7.site/
http://readinglistforjuly8.site/
http://readinglistforjuly9.site/
http://readinglistforjuly10.site/
Targets
-
-
Target
051b8fe31a4832078eb31d3b45228ddd
-
Size
178KB
-
MD5
051b8fe31a4832078eb31d3b45228ddd
-
SHA1
d3e4eee251493d835ce57d093c2542a902daea04
-
SHA256
70b6e46b2d70a18bec9d70a986602c0d67fc0c4400290559e733c2f1c87fa64b
-
SHA512
950c112584f24c3c28938d54a2436dfb86aea352b7f075190f99e70482dd8bcf3017e6ecdf3453dc1fcff90f3e2bffdea14e01d9af2274530633530ab3b46672
-
SSDEEP
3072:5WdXlH1d/+brNwMKIGS1pQLLqzcyxzaRTVetumCvIWArywoOLi6:5AVduNDKIGuqLL4cy10VQSRwoOL
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Suspicious use of SetThreadContext
-