General
-
Target
ffd4841e92d03b80880cc764d203ef15_JaffaCakes118
-
Size
460KB
-
Sample
240930-dlvbdavcpm
-
MD5
ffd4841e92d03b80880cc764d203ef15
-
SHA1
ae49eafc1a910a9169256aa29725d57bf1db91bc
-
SHA256
3fb34ed5c5808254463cc62c553f3697de13e3a0e62164ae3b7a35823a304a2a
-
SHA512
5409329d12dca313953f2d5501a99b945b66d27577acb3a48fbb9133b79ecc70d685535400a6f4aaba8569d96fcee06bd6457a004411afd713a40ca08cd8d87a
-
SSDEEP
6144:ppTY2pNXc/BFoByEFF3sfZ2bJddRAvGOcg64Ed/5g8xV7x3EyYEIRpS:pC/B0tFx2Z2TdRAv964Ede6x3nYEIR
Malware Config
Extracted
smokeloader
VgU
Extracted
smokeloader
2018
http://klub046.co/zb/
Targets
-
-
Target
ffd4841e92d03b80880cc764d203ef15_JaffaCakes118
-
Size
460KB
-
MD5
ffd4841e92d03b80880cc764d203ef15
-
SHA1
ae49eafc1a910a9169256aa29725d57bf1db91bc
-
SHA256
3fb34ed5c5808254463cc62c553f3697de13e3a0e62164ae3b7a35823a304a2a
-
SHA512
5409329d12dca313953f2d5501a99b945b66d27577acb3a48fbb9133b79ecc70d685535400a6f4aaba8569d96fcee06bd6457a004411afd713a40ca08cd8d87a
-
SSDEEP
6144:ppTY2pNXc/BFoByEFF3sfZ2bJddRAvGOcg64Ed/5g8xV7x3EyYEIRpS:pC/B0tFx2Z2TdRAv964Ede6x3nYEIR
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-