SmokeLoader Themed Malware Serving Campaign Spotted in the Wild – An Analysis

 Dear blog readers,

I’ve decided to share with everyone some technical details behind a currently circulating malicious software serving campaign that’s dropping a SmokeLoader variant on the targeted host and is using a variety of C&C server domains for communication with the malicious attackers.

Sample screenshots include:

Sample campaign structure:

MD5: ccaf26afe7db068aa11331f6c5af14d8

hxxp://host-file-host6.com – 34.106.70.53

hxxp://host-host-file8.com

Sample related responding IPs known to have been involved in the campaign include:

hxxp://176.124.221.9

hxxp://23.48.95.144

hxxp://45.91.8.70

hxxp://185.144.28.175

hxxp://31.44.185.182

hxxp://8.209.65.68

hxxp://45.134.27.228

hxxp://2.16.165.19

hxxp://185.251.89.108

hxxp://195.186.210.241

Stay tuned!

Leave a Reply

Your email address will not be published. Required fields are marked *

Unit-123.org E-shop Owner Information

Who is Dancho Danchev?

Unit-123.org

Focused on delivering daily batches of personally-produced never-ending supply of high-quality and never-published and released before classified and sensitive Intelligence Deliverables.

Latest Products