General
-
Target
bec666257e17ad4ad44fd431c6fdcf0c
-
Size
177KB
-
Sample
240310-q8b5jaeb5t
-
MD5
bec666257e17ad4ad44fd431c6fdcf0c
-
SHA1
2a49a1b1c30317bf5376a699789345b05b6359a5
-
SHA256
7207f2cb25a9c37cded5eff0dc7707d7ef1c4f42ffb8b93aeab22f40d551a2de
-
SHA512
a43ba5e1cb92246141c6651ec2fd323aa06fcfe5b20db8ee5bd86769eb89296449650aa3bec742026371bb766ddb3b75331bdcc2eeb0588a12cd4b3aa205884c
-
SSDEEP
3072:hSnGz2DyiEfWOfErjROve+o5UPjgHwhZoWC9sI5/DuT61m:hNz8ofWOc0vPB8HwhZU9sI5/
Malware Config
Extracted
smokeloader
2020
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
Targets
-
-
Target
bec666257e17ad4ad44fd431c6fdcf0c
-
Size
177KB
-
MD5
bec666257e17ad4ad44fd431c6fdcf0c
-
SHA1
2a49a1b1c30317bf5376a699789345b05b6359a5
-
SHA256
7207f2cb25a9c37cded5eff0dc7707d7ef1c4f42ffb8b93aeab22f40d551a2de
-
SHA512
a43ba5e1cb92246141c6651ec2fd323aa06fcfe5b20db8ee5bd86769eb89296449650aa3bec742026371bb766ddb3b75331bdcc2eeb0588a12cd4b3aa205884c
-
SSDEEP
3072:hSnGz2DyiEfWOfErjROve+o5UPjgHwhZoWC9sI5/DuT61m:hNz8ofWOc0vPB8HwhZU9sI5/
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Suspicious use of SetThreadContext
-