smokeloader | 64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f | Triage

Submit
Reports

Overview

overview

Static

static

Proforma I...oc.rtf

windows7_x64

Proforma I...oc.rtf

windows10_x64

1

Sharing

General

Target

Proforma Invoice.doc
Size

2.5MB
Sample

201220-z53mmbzrtn
MD5

f8d74c4e175a21cb8010a56b455d56e0
SHA1

c2fc75b55d8aadb0486adbf6c172dee41591d346
SHA256

64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f
SHA512

e20debdf490d024ae84779d98303f8cc9f30b52292cb33731ce890ff07dca622f88fe0dc0e3f83327ca8ee6bf81316846cea4747dbaddd77f175d297f64db819

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

Proforma Invoice.doc.rtf

Resource

win7v20201028

smokeloader backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proforma Invoice.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

httPs://paste.ee/r/WX4xy

ps1.dropper

httPs://paste.ee/r/S4DRb

Extracted

Family

smokeloader

Version

2018

C2

http://bearddate.com/1/

rc4.i32

rc4.i32

Targets

- Target
  
  Proforma Invoice.doc
- Size
  
  2.5MB
- MD5
  
  f8d74c4e175a21cb8010a56b455d56e0
- SHA1
  
  c2fc75b55d8aadb0486adbf6c172dee41591d346
- SHA256
  
  64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f
- SHA512
  
  e20debdf490d024ae84779d98303f8cc9f30b52292cb33731ce890ff07dca622f88fe0dc0e3f83327ca8ee6bf81316846cea4747dbaddd77f175d297f64db819
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

© 2018-2024

Terms | Privacy