General

  • Target

    fdfda689793cad76324889a93e24f852_JaffaCakes118

  • Size

    336KB

  • Sample

    240421-anj2msdh77

  • MD5

    fdfda689793cad76324889a93e24f852

  • SHA1

    136167f0b2a00de0a6bce3218d476fd23e510592

  • SHA256

    624eea3866bb7d522a565475c043b150197d360e9f3716913c1ac9a6b0f1e91a

  • SHA512

    07380205c1bfca6d5aa42dabf2785d36b2036c6617e6c91baff2fa5dd9a8a7a1a63af0500d7079262dca6efd2b7c1db05687259c87bc16a08ed2666cd8d50a0b

  • SSDEEP

    6144:5NK0DS6tKAOuSTp46z6bK6BhZohEsZYvyDSUsmMjz:G026tKA5ST3z6bK6CvZYaDSuc

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: 0308

  • Extracted

    Family: smokeloader
    Version: 2020
    C2:
      http://readinglistforjuly1.xyz/
      http://readinglistforjuly2.xyz/
      http://readinglistforjuly3.xyz/
      http://readinglistforjuly4.xyz/
      http://readinglistforjuly5.xyz/
      http://readinglistforjuly6.xyz/
      http://readinglistforjuly7.xyz/
      http://readinglistforjuly8.xyz/
      http://readinglistforjuly9.xyz/
      http://readinglistforjuly10.xyz/
      http://readinglistforjuly1.site/
      http://readinglistforjuly2.site/
      http://readinglistforjuly3.site/
      http://readinglistforjuly4.site/
      http://readinglistforjuly5.site/
      http://readinglistforjuly6.site/
      http://readinglistforjuly7.site/
      http://readinglistforjuly8.site/
      http://readinglistforjuly9.site/
      http://readinglistforjuly10.site/
    rc4.i32
    rc4.i32
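The C2 list and the file hashes are the parts of this report a defender actually consumes. The script below is an added example for this page, not Triage's code and not anything taken from the sample: it turns the extracted config into a hostname blocklist, checks a file's digests against the four hashes listed for the sample, and runs the blocklist over resolver log lines. The log line format, the client addresses and the log lines themselves are constructed for the demonstration and are not from the report.

```python
"""IOC handling for the SmokeLoader config extracted in this report.

Added example; hash and C2 values are copied from the report, the DNS log
lines and their format are constructed for the demonstration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Malware Config as extracted in the report: family smokeloader, version 2020,
# botnet 0308, twenty numbered C2 URLs on .xyz and .site.
CONFIG = {
    "family": "smokeloader",
    "version": "2020",
    "botnet": "0308",
    "c2": [f"http://readinglistforjuly{n}.{tld}/"
           for tld in ("xyz", "site") for n in range(1, 11)],
}

# File digests from the report's General section.
SAMPLE_HASHES = {
    "md5": "fdfda689793cad76324889a93e24f852",
    "sha1": "136167f0b2a00de0a6bce3218d476fd23e510592",
    "sha256": "624eea3866bb7d522a565475c043b150197d360e9f3716913c1ac9a6b0f1e91a",
    "sha512": "07380205c1bfca6d5aa42dabf2785d36b2036c6617e6c91baff2fa5dd9a8a7a1a"
              "63af0500d7079262dca6efd2b7c1db05687259c87bc16a08ed2666cd8d50a0b",
}


def c2_hostnames(config):
    """Distinct, lower-cased C2 hostnames from the config's URL list."""
    return sorted({urlsplit(u).hostname.lower() for u in config["c2"]})


def hash_bytes(data):
    """Compute the same four digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matching_hashes(data, known=SAMPLE_HASHES):
    """Names of the known digests that a file's bytes reproduce (empty = not this sample)."""
    computed = hash_bytes(data)
    return {name for name, value in known.items() if computed[name] == value}


def is_c2_host(name, hosts):
    """Exact or subdomain match, so cdn.readinglistforjuly3.site is also caught."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in hosts)


# Parser for lines shaped "<timestamp> <client> query <qname> <qtype>".
# This shape is an assumption made for the example, not a real resolver's format.
_DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def scan_dns_log(lines, hosts):
    """Return (timestamp, client, qname) for every query that resolves a C2 host."""
    hits = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if m and is_c2_host(m["qname"], hosts):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


# Constructed log lines for the demonstration; not taken from the report.
SAMPLE_DNS_LOG = [
    "2024-04-21T09:58:03Z 10.0.0.5 query readinglistforjuly3.site. A",
    "2024-04-21T09:58:04Z 10.0.0.5 query www.example.com. A",
    "2024-04-21T09:58:06Z 10.0.0.5 query ReadingListForJuly10.xyz. A",
    "2024-04-21T09:58:07Z 10.0.0.9 query readinglistforjuly11.xyz. A",  # not in the list
]

if __name__ == "__main__":
    hosts = c2_hostnames(CONFIG)
    print(f"{len(hosts)} C2 hosts, botnet {CONFIG['botnet']}")
    for ts, client, qname in scan_dns_log(SAMPLE_DNS_LOG, hosts):
        print(f"C2 lookup at {ts} from {client}: {qname}")
    print("matching digests for an unrelated file:",
          matching_hashes(b"not the sample") or "none")
```

The suffix match in is_c2_host is deliberate: an exact-string blocklist misses a host such as cdn.readinglistforjuly3.site. The four digests identify only this exact 336KB file; a repacked build of the same bot will not match any of them, which is why the C2 hosts and the botnet id from the config are the more durable indicators to pivot on.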

Targets

    • Target

      fdfda689793cad76324889a93e24f852_JaffaCakes118

    • Size

      336KB

    • MD5

      fdfda689793cad76324889a93e24f852

    • SHA1

      136167f0b2a00de0a6bce3218d476fd23e510592

    • SHA256

      624eea3866bb7d522a565475c043b150197d360e9f3716913c1ac9a6b0f1e91a

    • SHA512

      07380205c1bfca6d5aa42dabf2785d36b2036c6617e6c91baff2fa5dd9a8a7a1a63af0500d7079262dca6efd2b7c1db05687259c87bc16a08ed2666cd8d50a0b

    • SSDEEP

      6144:5NK0DS6tKAOuSTp46z6bK6BhZohEsZYvyDSUsmMjz:G026tKA5ST3z6bK6CvZYaDSuc

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

      The sample removes its own executable from disk after running, so the dropped file will not be present for a later disk-based check; the hashes above remain the way to identify it.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread belonging to another process. Rewriting another thread's context is the step that redirects execution in process hollowing and thread-hijacking injection, and is rarely seen in benign software.

MITRE ATT&CK Enterprise v15

Tasks