General

  • Target

    b150f24117c407bfe4ce13dbb456b3a0

  • Size

    201KB

  • Sample

    240304-f2stlabg94

  • MD5

    b150f24117c407bfe4ce13dbb456b3a0

  • SHA1

    1658c72e010fb925abd053f19a92f4d08e034dfe

  • SHA256

    d620056c5defae218de13235fc4a509d968bd55469092aa00095ff94a0246b7f

  • SHA512

    161bf1ae380e34cb8a6804e484a884fb22c807268f7ab4c361a4514592cfa6d71410c6352675e34aa8d58082bd9070f927d79206bf76dcbe1947ab683942fa5f

  • SSDEEP

    3072:aPGEYPwxmMqRS8b/LyA665HSPN3JQKtOgMRZafD4UA1b:SGdxlbTbc8bEcxb

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforaugust1.xyz/

http://readinglistforaugust2.xyz/

http://readinglistforaugust3.xyz/

http://readinglistforaugust4.xyz/

http://readinglistforaugust5.xyz/

http://readinglistforaugust6.xyz/

http://readinglistforaugust7.xyz/

http://readinglistforaugust8.xyz/

http://readinglistforaugust9.xyz/

http://readinglistforaugust10.xyz/

http://readinglistforaugust1.site/

http://readinglistforaugust2.site/

http://readinglistforaugust3.site/

http://readinglistforaugust4.site/

http://readinglistforaugust5.site/

http://readinglistforaugust6.site/

http://readinglistforaugust7.site/

http://readinglistforaugust8.site/

http://readinglistforaugust9.site/

http://readinglistforaugust10.site/

rc4.i32
rc4.i32

Targets

    • Target

      b150f24117c407bfe4ce13dbb456b3a0

    • Size

      201KB

    • MD5

      b150f24117c407bfe4ce13dbb456b3a0

    • SHA1

      1658c72e010fb925abd053f19a92f4d08e034dfe

    • SHA256

      d620056c5defae218de13235fc4a509d968bd55469092aa00095ff94a0246b7f

    • SHA512

      161bf1ae380e34cb8a6804e484a884fb22c807268f7ab4c361a4514592cfa6d71410c6352675e34aa8d58082bd9070f927d79206bf76dcbe1947ab683942fa5f

    • SSDEEP

      3072:aPGEYPwxmMqRS8b/LyA665HSPN3JQKtOgMRZafD4UA1b:SGdxlbTbc8bEcxb

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks