General

  • Target

    7bc78ae29f7bd99effbd39d5b86be6cbd1928affcddf0e3405d01d8292cc4bac

  • Size

    229KB

  • Sample

    240128-bmvmesgbf6

  • MD5

    567ec8bc580c53a36cc7cb7f0fd195e9

  • SHA1

    234633ed137668fbda14b94ecddc0aaf82e3343d

  • SHA256

    7bc78ae29f7bd99effbd39d5b86be6cbd1928affcddf0e3405d01d8292cc4bac

  • SHA512

    71383befdf87b78d4458824094bbb256450fee07130d4a1b6d9eb60b3d859de92151066146cd9f518087810161158341ab96b52d083caac8fd2de8beb3b0cf6c

  • SSDEEP

    3072:vgFLgaaoeUUG4JiE/Tt+/uFQJkLRFFCiLLMuiatzmkXCI2RQeQ7UzKoD:YFLgv/Gs/Ik9TPiaXJed

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks