Resubmissions

  • 10-01-2024 09:48
    240110-lsxdbadaer 10

  • 13-12-2023 10:19
    231213-mcswmacfc4 10

  • 13-12-2023 01:01
    231213-bdbsysfcf5 10

General

  • Target

    05193c12562beb5de5f05ae6816c976f.bin

  • Size

    190KB

  • Sample

    240110-lsxdbadaer

  • MD5

    05193c12562beb5de5f05ae6816c976f

  • SHA1

    2c804f81e6949e2de30359d6085a7eef7b2457e6

  • SHA256

    ea755384c6e3558710e6bc8833d51e09aff904c76ecfa751895b9948feff726d

  • SHA512

    9241667e0476e386cbe89f67ae3eb09f4e023283297d567c39956f15497fdf74d1751832116137f11a2e8cb4d073fd3068ecfcc284db6e26263db7059cca60d0

  • SSDEEP

    3072:t07gIqLEHi+cOtsLpAjPsXp0qCAfs5qtrpJrkG5RScg7:cgIqLKi+cCjPwlCL5qBM

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15