General
-
Target
%APPDATA%ihghgva.exe
-
Size
276KB
-
Sample
240418-padd9sdh4t
-
MD5
6ec067ff2cd91713b33e08390796fda5
-
SHA1
0f7c3804199abe7677e31aedf55ba67b70b2e0f0
-
SHA256
4c9e023a3df13dc1985827b37b8b03b1a6a3703b9c7933a1262e60d94dca05d3
-
SHA512
ddc7f58f4b87a1ccda36d78625cd47194330ebcb7cc0848a40e4098a5f0858852b73ec0b0b2639f4ffabb608f0afee3945b8cdfb26c3f243a40135454877e56e
-
SSDEEP
3072:fb7BtAwa7q28anJvZO1K34SwUcIbS/sa6hojDk2BYBEBskUJ46JfH0:fPkjGKnNZwK348cIbWh6hR2WKBskU/
Malware Config
Extracted
smokeloader
2022
http://onualituyrs.org/
http://sumagulituyo.org/
http://snukerukeutit.org/
http://lightseinsteniki.org/
http://liuliuoumumy.org/
http://stualialuyastrelia.net/
http://kumbuyartyty.net/
http://criogetikfenbut.org/
http://tonimiuyaytre.org/
http://tyiuiunuewqy.org/
Targets
-
-
Target
%APPDATA%ihghgva.exe
-
Size
276KB
-
MD5
6ec067ff2cd91713b33e08390796fda5
-
SHA1
0f7c3804199abe7677e31aedf55ba67b70b2e0f0
-
SHA256
4c9e023a3df13dc1985827b37b8b03b1a6a3703b9c7933a1262e60d94dca05d3
-
SHA512
ddc7f58f4b87a1ccda36d78625cd47194330ebcb7cc0848a40e4098a5f0858852b73ec0b0b2639f4ffabb608f0afee3945b8cdfb26c3f243a40135454877e56e
-
SSDEEP
3072:fb7BtAwa7q28anJvZO1K34SwUcIbS/sa6hojDk2BYBEBskUJ46JfH0:fPkjGKnNZwK348cIbWh6hR2WKBskU/
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-