General
-
Target
943cbd8d7b6b40805c109fec2c4b7540b48895fc876d4b7cc7adf422b2d8fd5a
-
Size
159KB
-
Sample
240417-qnhftaah3w
-
MD5
c14314422a9ff2a613d53c6688ab3acb
-
SHA1
46a6671d70d8f331b54ae7dc64e35f028652b27a
-
SHA256
943cbd8d7b6b40805c109fec2c4b7540b48895fc876d4b7cc7adf422b2d8fd5a
-
SHA512
978fa2cdfaa3bc330ab912884acffd48de01582f8468884b658813e4c88a07bf2e0d4ccae5cdb0a69177356bce60282fee29657edf16f8ecd467241765e48ea0
-
SSDEEP
3072://aI7Ku1Qw2CyPk65vV4/SPVPHVNfUAUCxNn9QU42vqZ87wmfp/pIWTi6ItAeE:HtB3659mS9LcAZxNV9f9aWet3E
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
6610e3f433a1a54fff1dcb16ca8d08137481d19cd706d1cd73e75030be8ff720.exe
-
Size
300KB
-
MD5
62e5fd85ce51c117efe2b5d7878666a5
-
SHA1
51abc31105ddf829ebae52360fd4ae18a45a9bd1
-
SHA256
6610e3f433a1a54fff1dcb16ca8d08137481d19cd706d1cd73e75030be8ff720
-
SHA512
5cb9f5d419643703093ee2e2db45d017307edd3adb881e5db646fa0e4ab7f98dc0fa1787a2c94e9f597442f65796a9b0d8838abb34dafa9fcdc3663e9a943d34
-
SSDEEP
3072:ZZ4GK2h1ohdN1S8HF2b+BMiXTHEOXSawHt+IbJEs6LePU3dxf/eDLD8M:Znhzsk8HF2bSj1aHlisQePUtReDMM
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-