Overview

overview

10

Static

static

8

329828.exe

windows7_x64

10

329828.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    329828.exe

  • Size

    250KB

  • Sample

    201224-g9ws8vwby6

  • MD5

    72ee1f186e273510f6708440f6460f73

  • SHA1

    62fe157448979918f32db1672dfb295185f93aa0

  • SHA256

    e0335bfe0bf78a069d9a4a179bdbe5b9f2ea4759772f2e8e7b4ed5f9ce0833d1

  • SHA512

    7457d0065f3e47776b176a4639408a07f465f5f0c8d2ff3118b157b80a3fbd85403d2618ac152527ebdca79248f76d6264c808376bb9a6ca43ed5e943f9bfed3

Score
10/10
smokeloaderbackdoortrojanupx

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/
rc4.i32
rc4.i32

Targets

    • Target

      329828.exe

    • Size

      250KB

    • MD5

      72ee1f186e273510f6708440f6460f73

    • SHA1

      62fe157448979918f32db1672dfb295185f93aa0

    • SHA256

      e0335bfe0bf78a069d9a4a179bdbe5b9f2ea4759772f2e8e7b4ed5f9ce0833d1

    • SHA512

      7457d0065f3e47776b176a4639408a07f465f5f0c8d2ff3118b157b80a3fbd85403d2618ac152527ebdca79248f76d6264c808376bb9a6ca43ed5e943f9bfed3

    Score
    10/10
    smokeloaderbackdoortrojanupx

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks