General
-
Target
7d44fd73a8418642bb75227ed9c37636eddb48c54d9b1b5370ccf85aa2a7ee0e
-
Size
240KB
-
Sample
240418-2rvq4ahb49
-
MD5
5cda9f770634fb63a62aa0ebcad24ef7
-
SHA1
dcd89bbac906e42782999d94b0587d8a3c7efbb8
-
SHA256
7d44fd73a8418642bb75227ed9c37636eddb48c54d9b1b5370ccf85aa2a7ee0e
-
SHA512
88ebcce21f36d3850877c35ab851c420776dacc3ee0870879f5cc1896a849259cddceff762e5c247961090f7b177b97b3740bc74a39f73fab3a97138dd8a07aa
-
SSDEEP
3072:lHAEDKL/WUXe0NiCJxJI0ZvB0okKDyozVeTe5ufBfVvUBeU6:GLu4XQLiZ0okLmCd1VvU1
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
7d44fd73a8418642bb75227ed9c37636eddb48c54d9b1b5370ccf85aa2a7ee0e
-
Size
240KB
-
MD5
5cda9f770634fb63a62aa0ebcad24ef7
-
SHA1
dcd89bbac906e42782999d94b0587d8a3c7efbb8
-
SHA256
7d44fd73a8418642bb75227ed9c37636eddb48c54d9b1b5370ccf85aa2a7ee0e
-
SHA512
88ebcce21f36d3850877c35ab851c420776dacc3ee0870879f5cc1896a849259cddceff762e5c247961090f7b177b97b3740bc74a39f73fab3a97138dd8a07aa
-
SSDEEP
3072:lHAEDKL/WUXe0NiCJxJI0ZvB0okKDyozVeTe5ufBfVvUBeU6:GLu4XQLiZ0okLmCd1VvU1
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1