General
-
Target
0832710db80c09693315151187e947ae5192852b732e736804aa3a22b609b541
-
Size
107KB
-
Sample
240417-qmx5wahc59
-
MD5
9dc2ef9e084a2bed4b634257d8c50629
-
SHA1
4187213226989f5047659293530bb9086efa6cb8
-
SHA256
0832710db80c09693315151187e947ae5192852b732e736804aa3a22b609b541
-
SHA512
3035b480d24c8fd15959a935c5494c32cb258b4673589fb138a2c9238c6eb654826824f7cbc8fdd910f95f0340655a3b0ed2fc0c43704675df5024f2cf18e7b4
-
SSDEEP
1536:dEX5f++bbBMoJvONZAYt2YF4CaxoyxQLh7vk7oOXqofwJzmtvcVvOm4IWo563Nrb:dmFBbFx4iHQaCDLFmSzYm4IWo5GNKme4
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
-
Size
186KB
-
MD5
0343235b3014134cd1f9c4f8f14bf327
-
SHA1
7df22fd8a194031121a4e4eba53d98c1a7f55bb8
-
SHA256
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b
-
SHA512
1cefcccde826acf72f57d4a66f2cc22132773259aad246778a1fad3f059ec978a0d83b65eb3b447793d76629e0e20b6c4320d28ba42cf5c8acd70b102e3a7571
-
SSDEEP
3072:0vHATbTxwuWJy949xuZsG/t7GJ9JA4UJykW/JqZvoh:wYbTGuWC4HAVGJ98
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-