General
-
Target
d5ef7d733f29914768836815e62e6ae671281d1513d3021408fc4a3dbb745bc0
-
Size
141KB
-
Sample
240417-rbfxwsah44
-
MD5
92bef26dad58dde0dc0192780282fc64
-
SHA1
853772f1a00341fb9aa249af2ad9e7270537627b
-
SHA256
d5ef7d733f29914768836815e62e6ae671281d1513d3021408fc4a3dbb745bc0
-
SHA512
2b2fc9cfa2d1c9176f2f31bbd7d507ce1e73b4cc91b7cbf98bbf389b8d6c76fe86112e77c492cfb7b5fe29abc8acfc66bf0dd39b30d3bfee51d4236dc4c0c429
-
SSDEEP
3072:6bnuk0qpjMIVt80TR3VonprqahMW7P1NKmxU2UAqPcZcx9qFD:6Duk0qRl8iRF+ph7Pg2xqn8D
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
6ba1032624069a6bd1ff582c5e83832976fb693dd8814c4ac14e94dbbdf4c00d.exe
-
Size
271KB
-
MD5
5b9adba171cd2853acc8533c96e1c814
-
SHA1
d415ff5fc9caa6fd4e7e69bc8ea7b42e9c84e7b1
-
SHA256
6ba1032624069a6bd1ff582c5e83832976fb693dd8814c4ac14e94dbbdf4c00d
-
SHA512
27f2f2c4670fddcb40364e6373561261a5631353651bc29c72e1bd270c594db084351b8cc25c531fe5097c9ab5fe0c0b3f173a36e3b47901ebf7cd3763074bd5
-
SSDEEP
3072:s+qUpt6FGAamWyuILne8gQ0LaP9um8JVNhdPWleHO2ImTHrNlokp8ae:sG6oATg8XMkEJvhd+leuFm/K
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-