General
-
Target
c670b7a4bb4fc83c88c3d8d31075d830bfdc4ee0274ca68da266cd2d6d6740d4
-
Size
162KB
-
Sample
240417-qh67zsae6w
-
MD5
f791c3e7546be4a69338606ddba371fd
-
SHA1
950700f566ddc744c86d9b6e8b78f69f7eed697a
-
SHA256
c670b7a4bb4fc83c88c3d8d31075d830bfdc4ee0274ca68da266cd2d6d6740d4
-
SHA512
724709c4504598b2ff24a7098c3d90aea8a7c94e6a5bd1b71983994bb6f384c2dd5fbfc77420ec9053c52fe1d689e4e551577e9773bce8ff4ad5f8515fca95d7
-
SSDEEP
3072:iIJIn0j2pBmE8Q6h1X+aybWGegLqk9HH5AHyFI7qODMQaQaji:BJgRpAe6rXBybLxL39HZpqDMVji
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
abc5152266564f883ab915f2a1eec762cd98920e5e315974c926632942e31976.exe
-
Size
313KB
-
MD5
49c1a7094df766b5e5868811f298b529
-
SHA1
c48fc045b5ee06e02d558f3c3551a463199725b9
-
SHA256
abc5152266564f883ab915f2a1eec762cd98920e5e315974c926632942e31976
-
SHA512
c34cf47f715fffb4c4b9ec4ba587ea0c455d3baf7192408114b9f7260dbb1ee6b28c794157cfdd12c6048e99e9140220d77232bd9355cb96db7df9e566ba9490
-
SSDEEP
3072:9gw3B7c4wkQMR+BYYeEX+qP4XTkedBoRv0XgGlf+N9XF6kVQvVYKAG:zxd/RmFMkeAv0ltKXF6k2NvJ
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-