General

  • Target

    71068065d8dd7daa9c49687b973d05d5602ed994467728763d2213fe4d90c0d8.exe

  • Size

    13KB

  • Sample

    241219-dpvfjswkam

  • MD5

    789f1016740449ce3e9a7fe210383460

  • SHA1

    e0905d363448178d485ed15ee6f67b0f1d72e728

  • SHA256

    71068065d8dd7daa9c49687b973d05d5602ed994467728763d2213fe4d90c0d8

  • SHA512

    b63467a55f11f8e3e6dfee195e5a64d7dec621834e1c26e1f64210496dbad36409771968a5e3b2f142fb6196df5689c012f5971ca2fd4bb3b1311f8f66f2f2fa

  • SSDEEP

    192:vBAlEMZWAY5nCtCY61l40CMvPSohzWLz5xWfgOQ/muu/d5THm4OtwO:JAnLAXNy/m3/bTKwO

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://dogewareservice.ru/

Targets

    • Target

      71068065d8dd7daa9c49687b973d05d5602ed994467728763d2213fe4d90c0d8.exe

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Smokeloader family

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks