Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

document-1383196305.xlsb
Size

291KB
Sample

201113-kywf4dnfmx
MD5

f99aa8060d195b270924b59640dc49e1
SHA1

f517c5fd629247173e3d7b75b5aa47fc115852b1
SHA256

9d8ac807a42a57b7cbefe987f0272b33cadba1ed511a0580bb320a62ef537c44
SHA512

4f40d05e53e0be38c25b7ee3c1ec27d6fec4ecae88f132658ea1bf0586d5b33a78e48df8165649ca15fda44c8e40252eed05bf0d25d532f80a7c11d421a441c9

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://we11wdsgd.com/

rc4.i32

rc4.i32

Targets

- Target
  
  document-1383196305.xlsb
- Size
  
  291KB
- MD5
  
  f99aa8060d195b270924b59640dc49e1
- SHA1
  
  f517c5fd629247173e3d7b75b5aa47fc115852b1
- SHA256
  
  9d8ac807a42a57b7cbefe987f0272b33cadba1ed511a0580bb320a62ef537c44
- SHA512
  
  4f40d05e53e0be38c25b7ee3c1ec27d6fec4ecae88f132658ea1bf0586d5b33a78e48df8165649ca15fda44c8e40252eed05bf0d25d532f80a7c11d421a441c9
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan