General
-
Target
23b86d03dce9c537233aba35061118e238ce3f444e6ce0057bc4be310e97fb53
-
Size
300KB
-
Sample
240425-bg8l4acf9s
-
MD5
3bdbe965922732ae0d662c74b444bdf1
-
SHA1
300abe798f642648d0bfeac99ae92d7edf941cb7
-
SHA256
23b86d03dce9c537233aba35061118e238ce3f444e6ce0057bc4be310e97fb53
-
SHA512
cfebb561e5f0b15f2ecfbfbe338391648d5ae2c6a2b50add27a6ba45ca504182ad93ea6e378c70087d1d7acd48fc10779fd8534a4b03d9e09218cb7068b4a101
-
SSDEEP
3072:vcPCz0s0Qc0PX9+CPUi0dgzUKAvLtEOCmJNT6wB8rjoBao95nxJxuegpG:vR9n9XbKvZnxXEo3nxJx
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
-
-
Target
23b86d03dce9c537233aba35061118e238ce3f444e6ce0057bc4be310e97fb53
-
Size
300KB
-
MD5
3bdbe965922732ae0d662c74b444bdf1
-
SHA1
300abe798f642648d0bfeac99ae92d7edf941cb7
-
SHA256
23b86d03dce9c537233aba35061118e238ce3f444e6ce0057bc4be310e97fb53
-
SHA512
cfebb561e5f0b15f2ecfbfbe338391648d5ae2c6a2b50add27a6ba45ca504182ad93ea6e378c70087d1d7acd48fc10779fd8534a4b03d9e09218cb7068b4a101
-
SSDEEP
3072:vcPCz0s0Qc0PX9+CPUi0dgzUKAvLtEOCmJNT6wB8rjoBao95nxJxuegpG:vR9n9XbKvZnxXEo3nxJx
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-