General

  • Target

    e645ba053af2486ad6ba75268209e8a1_JaffaCakes118

  • Size

    179KB

  • Sample

    240408-bc12fsca65

  • MD5

    e645ba053af2486ad6ba75268209e8a1

  • SHA1

    733834a94f191225d5f50cc29ec30463aa856516

  • SHA256

    17b3fdf382032542d2e447526d8d9c279bea04e736ea8f96215e68498bbbd25d

  • SHA512

    845512efc7179c5d62a7cf4d17119644878e2a38d87efa2f6a89eb3605b705e31bd508ce47258d83d2f00fe1e575e55197a5c48524293cf17158abd9e709abfe

  • SSDEEP

    3072:jSUR1o1d33g7gM0voaOP1lrxNPwnFlLT9SpniRGJ5250WPsArywoOLi6:+UR+1B0gjvUNLNPqzLTEpn1J525tPsR6

Malware Config

  • Extracted

    Family: smokeloader

    Botnet: 0508

  • Extracted

    Family: smokeloader

    Version: 2020

    C2:
rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks