General

  • Target

    kebab.exe

  • Size

    13KB

  • Sample

    241218-qav5razmev

  • MD5

    59b9c351412e31d38899158ff546ff2e

  • SHA1

    d51cc28f090308c329fb77c961a23553299500f7

  • SHA256

    726e53e8bf9d5e3ed36fce83aa7d3256d127ac1b80a93d7af80bd0db494876ef

  • SHA512

    c0602b8cf5f96f43f89bf38551d1d0a22f380b235785d925cc5cb5522f0470068bf2b4d414aa1152553b1b4c157eb3d285c823523be84aaedf9a8fbe438ed52a

  • SSDEEP

    192:vBAlEMZWAY5nCtCY61l40CMvPSohzWLz5xWfgOQ/muu/d5THm4OtXON:JAnLAXNy/m3/bTKXON

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2017

  • C2

    http://dogewareservice.ru/

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Smokeloader family

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
