General
-
Target
f969dbafd14aebde6dc76699740db351ffca90656e8702830020adc65e6750ab
-
Size
786KB
-
Sample
240509-ag7jcshg82
-
MD5
be16eaac9ee6e99b794c60e2fc33c441
-
SHA1
911b3c0636080fee89d5b5b228a6dd8ef935b2d7
-
SHA256
f969dbafd14aebde6dc76699740db351ffca90656e8702830020adc65e6750ab
-
SHA512
2c9dc1197a4d61eff590defd7cd2ae07c1753569dc16d335f34fd0a4cf388ed8360055bdd9aebd30d0196c68cb7c2280b060d01e9810a26bdbc17a70372e9419
-
SSDEEP
24576:RMwX0KLbB1eWZQsJ4B51fueCA/vzylY9Y:RMwX0+tIWGsY5VCA/vzyT
Malware Config
Extracted
smokeloader
2022
http://cellc.org/tmp/index.php
http://h-c-v.ru/tmp/index.php
http://icebrasilpr.com/tmp/index.php
http://piratia-life.ru/tmp/index.php
http://piratia.su/tmp/index.php
Extracted
smokeloader
pub3
Targets
-
-
Target
f969dbafd14aebde6dc76699740db351ffca90656e8702830020adc65e6750ab
-
Size
786KB
-
MD5
be16eaac9ee6e99b794c60e2fc33c441
-
SHA1
911b3c0636080fee89d5b5b228a6dd8ef935b2d7
-
SHA256
f969dbafd14aebde6dc76699740db351ffca90656e8702830020adc65e6750ab
-
SHA512
2c9dc1197a4d61eff590defd7cd2ae07c1753569dc16d335f34fd0a4cf388ed8360055bdd9aebd30d0196c68cb7c2280b060d01e9810a26bdbc17a70372e9419
-
SSDEEP
24576:RMwX0KLbB1eWZQsJ4B51fueCA/vzylY9Y:RMwX0+tIWGsY5VCA/vzyT
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-