General
-
Target
f25a08902b5bcfbe2df1315fb4057ec279ca2f71b85712d3856076235a88f249
-
Size
161KB
-
Sample
240417-qqy7cahe39
-
MD5
40d490ebcc6836fda12170c9f5fb42ca
-
SHA1
9730036f30ea20f2472b58af04ef05f6010aac7e
-
SHA256
f25a08902b5bcfbe2df1315fb4057ec279ca2f71b85712d3856076235a88f249
-
SHA512
54ba06c53294046ca45edab65ebe7bfd85ff515274de9777ab7cbe1f0248157a29d73a54e10ccc5c5fc6c40237d0d2b4571bad02fb77e32d95b0a97cc0383f14
-
SSDEEP
3072://CNxTF4TnYyCBrthVRi/j29pkVCpUqz2pXzrNadqvL8ygTlC6:8FcnYtph7aazUzRaW4ygTA6
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3.exe
-
Size
312KB
-
MD5
540326cdda418bc16b3ef5eb9f14b24a
-
SHA1
15085220874365e6c95cb501c7973fc34d9eb7fd
-
SHA256
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3
-
SHA512
e9aa792cffd04362c0b64cdbe5d8ca04a6180f40f561376f4e825f6d290dca3742cdff783e7550b3815302d5b75d2846771815e3c8e22117019f39ec997da86b
-
SSDEEP
3072:PfQrW+DOwR/lV+ZYY+EXd839mWsmBz6rHXUYznNuOuK:mGSVO1W39rFz6zXUY7cI
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-