General

  • Target

    faccdc083148ee32b957b43dba95e33d_JaffaCakes118

  • Size

    270KB

  • Sample

    240419-vx12qsae54

  • MD5

    faccdc083148ee32b957b43dba95e33d

  • SHA1

    a7495bdc167cf0c83f1e240aaa9623c1cf0f4657

  • SHA256

    85e9dd089f71962f16f4cd50e7a6ef609172597efbc0584d9424e7c5e021b7ef

  • SHA512

    1d4b00626c6f2968c65d0169aaf769ca01920ae44b2ba41ab79192916060e5e548edb1da7770038ed6df131c59bc2c39e880deaaca60fe81a78db3f77673cef8

  • SSDEEP

    6144:l2ndyaaypvYgGn4rS1rx0im01FvuXn8Hz:wdVaypvYgG91rmgc8T

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforaugust1.xyz/

http://readinglistforaugust2.xyz/

http://readinglistforaugust3.xyz/

http://readinglistforaugust4.xyz/

http://readinglistforaugust5.xyz/

http://readinglistforaugust6.xyz/

http://readinglistforaugust7.xyz/

http://readinglistforaugust8.xyz/

http://readinglistforaugust9.xyz/

http://readinglistforaugust10.xyz/

http://readinglistforaugust1.site/

http://readinglistforaugust2.site/

http://readinglistforaugust3.site/

http://readinglistforaugust4.site/

http://readinglistforaugust5.site/

http://readinglistforaugust6.site/

http://readinglistforaugust7.site/

http://readinglistforaugust8.site/

http://readinglistforaugust9.site/

http://readinglistforaugust10.site/

rc4.i32
rc4.i32

Targets

    • Target

      faccdc083148ee32b957b43dba95e33d_JaffaCakes118

    • Size

      270KB

    • MD5

      faccdc083148ee32b957b43dba95e33d

    • SHA1

      a7495bdc167cf0c83f1e240aaa9623c1cf0f4657

    • SHA256

      85e9dd089f71962f16f4cd50e7a6ef609172597efbc0584d9424e7c5e021b7ef

    • SHA512

      1d4b00626c6f2968c65d0169aaf769ca01920ae44b2ba41ab79192916060e5e548edb1da7770038ed6df131c59bc2c39e880deaaca60fe81a78db3f77673cef8

    • SSDEEP

      6144:l2ndyaaypvYgGn4rS1rx0im01FvuXn8Hz:wdVaypvYgG91rmgc8T

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks