Overview

overview

10

Static

static

23bef893e3...6b.exe

windows7_x64

23bef893e3...6b.exe

windows10_x64

Resubmissions

09-09-2020 09:18

200909-ev13telmdn 10

08-09-2020 17:08

200908-br2a8ynnpn 10

08-09-2020 17:07

200908-2bbw72ekmn 10

08-09-2020 16:54

200908-qgbye23mhs 10

08-09-2020 16:46

200908-p5f4c5cdzj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b

  • Size

    154KB

  • Sample

    200908-2bbw72ekmn

  • MD5

    91879bdd73625ac38c31fe5225310e92

  • SHA1

    a007b979483ee6b57b93a11340932a60f5781570

  • SHA256

    23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b

  • SHA512

    22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c

Score
10/10
smokeloaderbackdoorbootkitransomwaretrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://dkajsdjiqwdwnfj.info/

http://2831ujedkdajsdj.info/

http://928eijdksasnfss.info/

https://dkajsdjiqwdwnfj.info/

https://2831ujedkdajsdj.info/

https://928eijdksasnfss.info/
rc4.i32
rc4.i32

Targets

    • Target

      23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b

    • Size

      154KB

    • MD5

      91879bdd73625ac38c31fe5225310e92

    • SHA1

      a007b979483ee6b57b93a11340932a60f5781570

    • SHA256

      23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b

    • SHA512

      22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c

    Score
    10/10
    trojanbackdoorsmokeloaderransomwarebootkit

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks