General
-
Target
c75d9803bcf875312c96be421ba6563e00a06b14cbc391dc8636948db412c8e1
-
Size
144KB
-
Sample
240417-qe9hyaac9t
-
MD5
f2711ac2c61268b2d521598777af83c1
-
SHA1
4787921f0db7c0807c5021c0cf148cb612b3f175
-
SHA256
c75d9803bcf875312c96be421ba6563e00a06b14cbc391dc8636948db412c8e1
-
SHA512
8a6e26253b1a9565ddc24225c80763a10287af6c08f1214abc7b3d59caa3b1bc5679cfc5645331ce75fafb4441ad4f570d6b606a90606e83d6d663f08842c178
-
SSDEEP
3072:MfZgEJhdGESK6inhsQ0pgIjhinYi8l3fd+qUXFpCmPhxhksN4YrK5:q26Hh6ihs5qcEnY19bUXDZPqsNpE
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e.exe
-
Size
259KB
-
MD5
b05a74505fa03339578dff002ba57c69
-
SHA1
b9851e84dbd2c8b2ecccb30452ddccb0496ef974
-
SHA256
e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e
-
SHA512
616337efd4b6a84f0590226b52d8c7398723afe43bb1fc879089a7474b7fd8949e16353bb4ff713da4295dbc4885d5eb34d9483d7441b726592371bb8f285dd3
-
SSDEEP
3072:NCEgl6HLc0iImEkhg569+wjkabBB2n2qr4j54wCxe9yFfqdwiB9ez/WnQEbK3Zk:NsUrc06Fue/kZr4j5vwbb0WWnQEbe
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-