General

  • Target

    33eeddd38b08c28a5466eb357ab2401d_JaffaCakes118

  • Size

    344KB

  • Sample

    240330-fc1sxaha8w

  • MD5

    33eeddd38b08c28a5466eb357ab2401d

  • SHA1

    44a043cae0c9a07cf27d6cdf22f6a2e3ae9465d4

  • SHA256

    d395decedde3ce22737a67d9b4c781e591f4c3cd2755da66dca9d0b2885fae68

  • SHA512

    905808213b81d10ea98934987c42d7c7d44374cd580ef9e4a298f57c5bebb932c8037113082afb289f699a546ccd8e0bac2b6310581ee0bc7246d010e8539415

  • SSDEEP

    6144:t+XWS1QsItYALGhaf/v7dz1jKTznx7+I+hy0lGd4ZX/:tMWS1QswLGcf/vRJjKnnx7mhLGWd

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.top/

http://wijibui0.top/

http://hefahei6.top/

http://pipevai4.top/

http://nalirou7.top/

rc4.i32
rc4.i32

Targets

    • Target

      33eeddd38b08c28a5466eb357ab2401d_JaffaCakes118

    • Size

      344KB

    • MD5

      33eeddd38b08c28a5466eb357ab2401d

    • SHA1

      44a043cae0c9a07cf27d6cdf22f6a2e3ae9465d4

    • SHA256

      d395decedde3ce22737a67d9b4c781e591f4c3cd2755da66dca9d0b2885fae68

    • SHA512

      905808213b81d10ea98934987c42d7c7d44374cd580ef9e4a298f57c5bebb932c8037113082afb289f699a546ccd8e0bac2b6310581ee0bc7246d010e8539415

    • SSDEEP

      6144:t+XWS1QsItYALGhaf/v7dz1jKTznx7+I+hy0lGd4ZX/:tMWS1QswLGcf/vRJjKnnx7mhLGWd

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks