General

  • Target

    7eadd2a867a51a6c6c04d812eb38b5ef

  • Size

    189KB

  • Sample

    240129-c9963ahffp

  • MD5

    7eadd2a867a51a6c6c04d812eb38b5ef

  • SHA1

    2f0df8b35dfc9228465972d6279ffd41495743a0

  • SHA256

    ebdac5603410d0c7a633e42d40b7798efabde9f11cd4acf7205032b8b9306dd2

  • SHA512

    0ccee2e1bb6e5bb83c0d79613eb1d1201ebbe6c2a3e949abfe4218dc0472afb9b04ae420440a58a736163fb4838145f9a68a9e5387e48357613c44fd52a780e0

  • SSDEEP

    3072:H20j7vYjOPNL4dq5e+HrReX6cnjTwa/N/zxJWtk0K:FvvYjOFL6+HrRgJnjTwa/RxJg

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://conceitosseg.com/upload/

    http://integrasidata.com/upload/

    http://ozentekstil.com/upload/

    http://finbelportal.com/upload/

    http://telanganadigital.com/upload/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      7eadd2a867a51a6c6c04d812eb38b5ef

    • Size

      189KB

    • MD5

      7eadd2a867a51a6c6c04d812eb38b5ef

    • SHA1

      2f0df8b35dfc9228465972d6279ffd41495743a0

    • SHA256

      ebdac5603410d0c7a633e42d40b7798efabde9f11cd4acf7205032b8b9306dd2

    • SHA512

      0ccee2e1bb6e5bb83c0d79613eb1d1201ebbe6c2a3e949abfe4218dc0472afb9b04ae420440a58a736163fb4838145f9a68a9e5387e48357613c44fd52a780e0

    • SSDEEP

      3072:H20j7vYjOPNL4dq5e+HrReX6cnjTwa/N/zxJWtk0K:FvvYjOFL6+HrRgJnjTwa/RxJg

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks