General
Target: 003e691923293c72dca0b670e9ff9390_JaffaCakes118
Size: 30KB
Sample: 240328-h28wxsch98
MD5: 003e691923293c72dca0b670e9ff9390
SHA1: 9019ddfe5e2bfea43005d59c34646ebde9d1f1fe
SHA256: a8e4f8648ff3dbfcf882b39d32033d3ca1f6fdaef9694107aba80f36a0480e36
SHA512: e8671ddd8e5287f1b0475bbf74fe3d8c8802895c35e7976935ce19405153bb5f5cc87b4b19b431faaad66f42d26f434b7bbfc34d6cc75d45dcd3aca26a770675
SSDEEP: 768:aOsIP7IRNWUlaMijihcIGfTAy95w5HUWCvgnvh5gG:axYfMmiokyI5HUWAS
Behavioral task: behavioral1
Sample: 003e691923293c72dca0b670e9ff9390_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 003e691923293c72dca0b670e9ff9390_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
smokeloader
host
Extracted
smokeloader
2020
Targets
Target: 003e691923293c72dca0b670e9ff9390_JaffaCakes118
Score: 10/10
Deletes itself
Loads dropped DLL