Overview

overview

10

Static

static

2c99759a02...3f.exe

windows7_x64

10

2c99759a02...3f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    200617-waj7s33qj2_pw_infected.zip

  • Size

    53KB

  • Sample

    200617-zw384za27a

  • MD5

    4ec8f3b74bb56f6a7ba086e14d0c69f9

  • SHA1

    aeb41575e2df48ea78012105868a12ccc31283f5

  • SHA256

    1fe7b1173849114448eca5f4fe5e1d02ba49df20f466519a700a8765f4774979

  • SHA512

    5ba36af2a133863e17acc4a1a2157bb41a6c04e6562e31368fabd637594127a3d09ff11d1d5acb4fa662b71e4fd9c4a12f6926c85d473ca4cf09a5e1ffd65a27

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://ukcompany.me/

http://ukcompany.pw/

http://ukcompany.top/
rc4.i32
rc4.i32

Targets

    • Target

      2c99759a02ca32d1a7e8afa09130633f

    • Size

      237KB

    • MD5

      2c99759a02ca32d1a7e8afa09130633f

    • SHA1

      ddf98971664eb7b554c86b4ab2e2ba7d469f893c

    • SHA256

      b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40

    • SHA512

      89df4e78c583f409beb3dde03a4e439ba52676dc8ecacd02271d2c30e3fc151c677446652cb7ec7a080c4c00dfc80d63fbdfb369b25deace1752d77b93310dcc

    Score
    10/10
    trojanbackdoorsmokeloader

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks