General

  • Target

    3932277e7b8af21af26bd1dfc2c80346_JaffaCakes118

  • Size

    260KB

  • Sample

    240330-ljh5bsce8y

  • MD5

    3932277e7b8af21af26bd1dfc2c80346

  • SHA1

    ebea9588899bf005ddbb8b40a54507a02d441b58

  • SHA256

    798b6b6cc1b0a22e7a6f41af342b6430a5b291b918dbb0c1d0f596652da522a7

  • SHA512

    efa7f9d3a1de786d797fe497fb733b08c07d370cf2ef6b795aa438de1c9393ea485501348abb56afb357b1e7d3293090fd5c0eb76079119314eb873bb609b234

  • SSDEEP

    6144:UASRHmZDRiKYOMwY9DqP+T0qX7tNfVXVHQLIiu8cfo0/pW:9SRH4DRPHPwZGEX8cA0/M

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://honawey7.top/

    http://wijibui0.top/

    http://hefahei6.top/

    http://pipevai4.top/

    http://nalirou7.top/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Tasks