Overview

overview

10

Static

static

37ea915af4...25.exe

windows7_x64

10

37ea915af4...25.exe

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    64s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    17-06-2020 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37ea915af4b89c5697fd8647175dbc25.exe

  • Size

    32KB

  • MD5

    37ea915af4b89c5697fd8647175dbc25

  • SHA1

    b0b41abda47839c37c007f4c9e03dfad55084f70

  • SHA256

    383dede6a6d363e97a2d34a002aca69378da4b6769b13976b0344a20272a7d9d

  • SHA512

    f0ad407facf9801a2e25ca0c1b495f7c93cb633f1c2416c6b412d11108bec67018eb08928181318be1cc259e48a7cc2c5995b7467e7b93a641f048299e824596

Score
10/10
trojanbackdoorsmokeloader

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://185.35.137.147/mlp/

rc4.i32
rc4.i32

Signatures

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

Processes

  • C:\Users\Admin\AppData\Local\Temp\37ea915af4b89c5697fd8647175dbc25.exe
    "C:\Users\Admin\AppData\Local\Temp\37ea915af4b89c5697fd8647175dbc25.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Maps connected drives based on registry
    PID:896

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/896-0-0x00000000002E0000-0x00000000002F5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1276-2-0x00000000060C0000-0x00000000060C1000-memory.dmp

    Filesize

    4KB

    Download