General

  • Target

    fc7ac920ef9ed32fbdf122baf004f71c_JaffaCakes118

  • Size

    149KB

  • Sample

    240420-ls2yssed6x

  • MD5

    fc7ac920ef9ed32fbdf122baf004f71c

  • SHA1

    df0d7134bd78f2001c32f80899c9521b5ebd51fb

  • SHA256

    b295592fcfddb1fea5b39dbd3b6d886e04136a172ba0a7b194963cbdf989a199

  • SHA512

    4b828ba0d1e16f397c911aa293d2786b81f51f70c7b4b6e6c8c25cbef52936190726590c9af0a56b49a2cb2127e04d0fc612cabc6ce8680d5c52aa30ed94c3ca

  • SSDEEP

    3072:gyE7feR0NlsBTjDmpdfjmRe7h0whKT0yB3M:G3NlCi7ez

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks