General
-
Target
7dc8133fb148b87f8cfcfa834c1a0134647f9dd55d5f59dec510f8f1b320ea66
-
Size
696KB
-
Sample
240506-2q874ahg52
-
MD5
8fad1b737e2fb852710b43eba52d6b52
-
SHA1
bad376c9582758c4e64956fd6a3df3f10462ba19
-
SHA256
7dc8133fb148b87f8cfcfa834c1a0134647f9dd55d5f59dec510f8f1b320ea66
-
SHA512
44acc7fea7525f3fceb38746d1190e56e42618f72f10c9bb2a3404000d77fa696285bce968786f6b1f5df70f402927ce4dc4f0d42ffeaef06a97d70da0938c92
-
SSDEEP
12288:/Mw4PBDrHW6ncbkrC41L99OVhFHKQGQ9Ua+nQNtl0nD9rBmCvcpj3PmZ7fG4Erw8:/Mw45lncbk+4z9uFqQGXayC30bmCvcqw
Malware Config
Extracted
smokeloader
2022
http://cellc.org/tmp/index.php
http://h-c-v.ru/tmp/index.php
http://icebrasilpr.com/tmp/index.php
http://piratia-life.ru/tmp/index.php
http://piratia.su/tmp/index.php
Extracted
smokeloader
pub3
Targets
-
-
Target
7dc8133fb148b87f8cfcfa834c1a0134647f9dd55d5f59dec510f8f1b320ea66
-
Size
696KB
-
MD5
8fad1b737e2fb852710b43eba52d6b52
-
SHA1
bad376c9582758c4e64956fd6a3df3f10462ba19
-
SHA256
7dc8133fb148b87f8cfcfa834c1a0134647f9dd55d5f59dec510f8f1b320ea66
-
SHA512
44acc7fea7525f3fceb38746d1190e56e42618f72f10c9bb2a3404000d77fa696285bce968786f6b1f5df70f402927ce4dc4f0d42ffeaef06a97d70da0938c92
-
SSDEEP
12288:/Mw4PBDrHW6ncbkrC41L99OVhFHKQGQ9Ua+nQNtl0nD9rBmCvcpj3PmZ7fG4Erw8:/Mw45lncbk+4z9uFqQGXayC30bmCvcqw
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-