smokeloader

Resubmissions

09-09-2020 09:18

200909-ev13telmdn 10

08-09-2020 17:08

08-09-2020 17:07

08-09-2020 16:54

08-09-2020 16:46

Sharing

Copy URL

Twitter E-mail

General

Target

23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
Size

154KB
Sample

200908-2bbw72ekmn
MD5

91879bdd73625ac38c31fe5225310e92
SHA1

a007b979483ee6b57b93a11340932a60f5781570
SHA256

23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
SHA512

22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

http://dkajsdjiqwdwnfj.info/

http://2831ujedkdajsdj.info/

http://928eijdksasnfss.info/

https://dkajsdjiqwdwnfj.info/

https://2831ujedkdajsdj.info/

https://928eijdksasnfss.info/

rc4.i32

Targets

- Target
  
  23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
- Size
  
  154KB
- MD5
  
  91879bdd73625ac38c31fe5225310e92
- SHA1
  
  a007b979483ee6b57b93a11340932a60f5781570
- SHA256
  
  23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
- SHA512
  
  22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c
Score

10^/10

trojan backdoor smokeloader ransomware bootkit
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon to allow AutoLogon

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2