Today, a #Smokeloader #malware campaign has been observed sending emails with links to hacked sites.

The malware is hidden in the "contract" folder created by the hacker.

The next stage download link is not a normal one as the IP is in decimal notation, which makes it look tricky.

@3236135985 = 192.227.132.49

Evidence - https://tria.ge/221114-lpyrzabe9s

cc @da_667 @Myrtus @th3_protoCOL

#cybersecurity

Malware sandboxing report by Hatching Triage

Have a look at the Hatching Triage automated malware analysis report for this smokeloader sample, with a score of 10 out of 10.
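The decimal-host trick from the post can be caught by normalizing every URL host the way `inet_aton` would before matching it against blocklists or logging it. The sketch below is an added example, not part of the original thread; it also covers the hex, octal and short dotted forms, which goes beyond the single decimal case shown in the post. The function names and sample URLs are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample URLs; only the integer 3236135985 comes from the post.
SAMPLES = [
    "http://3236135985/file",             # single decimal integer
    "http://0xC0E38431/file",             # single hex integer
    "http://0300.0343.0204.061/file",     # octal dotted parts
    "http://login.example@3236135985/f",  # userinfo in front of the real host
    "http://192.227.132.49/file",         # plain dotted quad, not obfuscated
]

def _part(tok):
    """Parse one inet_aton-style number: 0x hex, leading-0 octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", tok):
        return int(tok, 16)
    if re.fullmatch(r"0[0-7]+", tok):
        return int(tok, 8)
    if re.fullmatch(r"0|[1-9][0-9]*", tok):
        return int(tok, 10)
    return None

def normalize_host(host):
    """Return the dotted quad if host is an IPv4 literal in any inet_aton form."""
    toks = host.rstrip(".").split(".")
    nums = [_part(t) for t in toks]
    if len(toks) > 4 or None in nums:
        return None
    *head, last = nums  # the last part fills all remaining low-order bytes
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    for i, n in enumerate(head):
        last += n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(last))

def inspect_url(url):
    """Flag hosts that resolve to an IPv4 address but are not written as a.b.c.d."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    ip = normalize_host(host)
    return {"host": host, "ip": ip, "obfuscated": ip is not None and ip != host,
            "userinfo": parts.username is not None}

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, inspect_url(u))
```
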

@ankit_anubhav @da_667 @Myrtus @th3_protoCOL nice warning on mobile Firefox accessing such domains

@mo__ @da_667 @Myrtus @th3_protoCOL Thanks for sharing. Yes, the only place so far where I have seen a warning is Firefox on Android.

Did you use iOS or Android?