General

  • Target

    b19ea68941ac6a60f6a2d98fa80c022c

  • Size

    181KB

  • Sample

    240304-jy6g3ade4y

  • MD5

    b19ea68941ac6a60f6a2d98fa80c022c

  • SHA1

    e1e3166abb974f8f1194005e46f73c2eb4218ead

  • SHA256

    cfc34e5f72f2f5960b55cdf15d303a4a3b1922779743587d81c7de00af23f2c0

  • SHA512

    a52cbf0539df5706b286f878d328dc02e1a2111c112b77be027e6d8a6d8fadea47373484c8e7c33b64ee9a2280dd225a4c91de620f63a904a064d89e6d08d644

  • SSDEEP

    3072:vvLNYWCYxeQLugb9MUcG2Hjn1c8b6R18a4ROTR/CZAQ:vvLA4TuuWHjaWSORON/Ci

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Extracted

Family

smokeloader

Version

2020

C2


rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks