General
-
Target
546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8
-
Size
654KB
-
Sample
240501-24ynhshg7x
-
MD5
87f8958f40e487f7d816cd1aaf52fa84
-
SHA1
0d84722779ef406a090fd085c7a2f4ed636afb3d
-
SHA256
546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8
-
SHA512
717c228b27dddca019fe81a8619f6a8d11b0362140de276aa5d6746b3eb0bc1130ae4b79a7a4389541e872cdb63b781a37a1cd459b810b0380deb6b046a0e287
-
SSDEEP
12288:IXAx/2a0CTmgQ9AlrsgsdNUUhfjersFwz3NTwBOuCUxQQZNIuJ3M7THqAi4dD4:IXAx/2z9CrsgsTUU1ioEnuCUxQQZN9Je
Malware Config
Extracted
smokeloader
2022
http://cellc.org/tmp/index.php
http://h-c-v.ru/tmp/index.php
http://icebrasilpr.com/tmp/index.php
http://piratia-life.ru/tmp/index.php
http://piratia.su/tmp/index.php
Extracted
smokeloader
pub3
Targets
-
-
Target
546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8
-
Size
654KB
-
MD5
87f8958f40e487f7d816cd1aaf52fa84
-
SHA1
0d84722779ef406a090fd085c7a2f4ed636afb3d
-
SHA256
546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8
-
SHA512
717c228b27dddca019fe81a8619f6a8d11b0362140de276aa5d6746b3eb0bc1130ae4b79a7a4389541e872cdb63b781a37a1cd459b810b0380deb6b046a0e287
-
SSDEEP
12288:IXAx/2a0CTmgQ9AlrsgsdNUUhfjersFwz3NTwBOuCUxQQZNIuJ3M7THqAi4dD4:IXAx/2z9CrsgsTUU1ioEnuCUxQQZN9Je
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-