General

  • Target

    f913fe3944a551fdd0ef4203669433d1_JaffaCakes118

  • Size

    326KB

  • Sample

    240419-amfylaca8z

  • MD5

    f913fe3944a551fdd0ef4203669433d1

  • SHA1

    8d4343a03b442f65459bab83f27a6afbbe6d9966

  • SHA256

    65dbd61de49d92efb40971ce00d7e1a7861721499711ef53c48f10e5bed69867

  • SHA512

    608afd5de8afebb5b53bc98a8f9e97eb8c4884935f74f6de1b4e300d2f3cdb1e1914c95a1ed5404542b5d70d6db3d1c25a64e244c5513c04d0f410b71c0b22d7

  • SSDEEP

    6144:5QbZyrRhh32YJFtVpNgLtpcZweiSShrzpEgg9KPYN6e0HjkF:6gRhhGcFtVpNypQwdnVFxssNzDkF

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub5

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://conceitosseg.com/upload/
    http://integrasidata.com/upload/
    http://ozentekstil.com/upload/
    http://finbelportal.com/upload/
    http://telanganadigital.com/upload/

  • rc4.i32

Targets

    • Target

      f913fe3944a551fdd0ef4203669433d1_JaffaCakes118

    • Size

      326KB

    • MD5

      f913fe3944a551fdd0ef4203669433d1

    • SHA1

      8d4343a03b442f65459bab83f27a6afbbe6d9966

    • SHA256

      65dbd61de49d92efb40971ce00d7e1a7861721499711ef53c48f10e5bed69867

    • SHA512

      608afd5de8afebb5b53bc98a8f9e97eb8c4884935f74f6de1b4e300d2f3cdb1e1914c95a1ed5404542b5d70d6db3d1c25a64e244c5513c04d0f410b71c0b22d7

    • SSDEEP

      6144:5QbZyrRhh32YJFtVpNgLtpcZweiSShrzpEgg9KPYN6e0HjkF:6gRhhGcFtVpNypQwdnVFxssNzDkF

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks