General
-
Target
0aa4e26b6c33231d6a18ca33c01558aa3ca99f9fa748ae4889a9db289b5e8688
-
Size
161KB
-
Sample
240417-qq281ahe47
-
MD5
c70ebbc44308d5396023529bab6f268b
-
SHA1
025d49b57e92bd5c54bdc20be2247ae203e8c5e0
-
SHA256
0aa4e26b6c33231d6a18ca33c01558aa3ca99f9fa748ae4889a9db289b5e8688
-
SHA512
a850e4d650c79dc2f3b68647105e43f5cd53a73ec11f92f7a67b35e19551f0a6ebbf493d858aee2829c2e42e961cfb6e8743bf70c3a37728448d9d85fa0bdbe2
-
SSDEEP
3072:ez9wgsvy6qAwiEkzY1CAzdxJIFTCD1msZDjULWo2R2mzK7c4s0/OK9r:6wgsoi9YUAhLWTS7Z/U2vcd/P
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
23e793eb5359e5934565840665798105435c69d7534e547204f5566486d75bfb.exe
-
Size
309KB
-
MD5
c5e8cd4452990f730e15432bcf436b5e
-
SHA1
03e098a5ce05bfad96d3fac87e88b6e5f57ba987
-
SHA256
23e793eb5359e5934565840665798105435c69d7534e547204f5566486d75bfb
-
SHA512
5353b92fc4b58ffae9bdaf3aacab2e0847f88bc738365f5157f66a4e3927cba3d12f5d68876f0403c47cebb21c1e67c1bf88211a41c5e750164326134ec9b6e7
-
SSDEEP
3072:c/0oaShCZaBMkI+scKmEXs4bRYJAZbzo68LoPjigwIsXl68S71nZ1ApkYn5:jeckIBtR2Q8gnsXAR31wH
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-