General
-
Target
c35117d647c9e1fa8c73b8dd4b22a27cdf095dfad3148377c4d98c3ff4981579
-
Size
161KB
-
Sample
240417-qaattahh7x
-
MD5
925148fd6e69879f2f65633778321d7c
-
SHA1
842011bc2575943009861d3c78f3e60ef9e29453
-
SHA256
c35117d647c9e1fa8c73b8dd4b22a27cdf095dfad3148377c4d98c3ff4981579
-
SHA512
26da23ba31c3a1dd6379c6be7b49ba7e8f58e32eb53c6b467eb3692473d038b40d0b464d0569e7f7fdde1e98d67417fc1f17b5b06d1e26eefb8b10d184dd3ee8
-
SSDEEP
3072:GjHJBWTFFGiCjlLbS5iMuFPY9zIea8glTAPEvYVyCkCmNjCo5p+G:2pBWhqBfFxPwzIea7lTAPEvYmCWj35pN
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3.exe
-
Size
312KB
-
MD5
540326cdda418bc16b3ef5eb9f14b24a
-
SHA1
15085220874365e6c95cb501c7973fc34d9eb7fd
-
SHA256
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3
-
SHA512
e9aa792cffd04362c0b64cdbe5d8ca04a6180f40f561376f4e825f6d290dca3742cdff783e7550b3815302d5b75d2846771815e3c8e22117019f39ec997da86b
-
SSDEEP
3072:PfQrW+DOwR/lV+ZYY+EXd839mWsmBz6rHXUYznNuOuK:mGSVO1W39rFz6zXUY7cI
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-