General
-
Target
f11ac106a54470a8574b728d8684a05a2d1df35745d2d8bc2ecd43bb9f3a98d2
-
Size
161KB
-
Sample
240417-qewxvagg58
-
MD5
358a32ef06960c5c3136eec71b6485ec
-
SHA1
d6986b62ea27729854f8f3e6270e14e7883bdf10
-
SHA256
f11ac106a54470a8574b728d8684a05a2d1df35745d2d8bc2ecd43bb9f3a98d2
-
SHA512
74919420562a9ae9dc3d09bf850e9515a7b3c41f1bc2dc2909c16ebafe1b92267d5b79552de5e9490adc881b08262c37bf3eda9b91a689d751411e08b108e747
-
SSDEEP
3072:YaPjkvo32zP7twKXHk2XmL52U/8Bgcee4ig8FnYyu:vPaLn31e488Bgc14ig8FY3
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
23e793eb5359e5934565840665798105435c69d7534e547204f5566486d75bfb.exe
-
Size
309KB
-
MD5
c5e8cd4452990f730e15432bcf436b5e
-
SHA1
03e098a5ce05bfad96d3fac87e88b6e5f57ba987
-
SHA256
23e793eb5359e5934565840665798105435c69d7534e547204f5566486d75bfb
-
SHA512
5353b92fc4b58ffae9bdaf3aacab2e0847f88bc738365f5157f66a4e3927cba3d12f5d68876f0403c47cebb21c1e67c1bf88211a41c5e750164326134ec9b6e7
-
SSDEEP
3072:c/0oaShCZaBMkI+scKmEXs4bRYJAZbzo68LoPjigwIsXl68S71nZ1ApkYn5:jeckIBtR2Q8gnsXAR31wH
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-