General

  • Target

    5383.exe

  • Size

    161KB

  • Sample

    240306-te1gtach2t

  • MD5

    50de50d9100e832d8fabfe179e344090

  • SHA1

    5009a1a1142bf449ed1b1883cdcd056d1eb90e18

  • SHA256

    30c9ad9803c697260d6dbf3109479101e195cebf8e2b56d0006b656bd4c072de

  • SHA512

    9ffd8a6c279e95eb7d595bff16d099ee32d2ca24286d35878fc53596537211fa89b1243a7fbd3ba26c64cd38be2d88baeb7a822f5aa44fb6d1bd8cec71061c14

  • SSDEEP

    3072:/iZUCzdMujBCyICdg82yDMgbrbCV+tdjgav:/6UChMsCyw8TYs4+tJ9

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://kamsmad.com/tmp/index.php

http://souzhensil.ru/tmp/index.php

http://teplokub.com.ua/tmp/index.php

rc4.i32
rc4.i32

Targets

    • Target

      5383.exe

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks