smokeloader | 0969327fda05101320538ec7c3df4ca3a024fdffc9ff58bcf5570a0960bd9df7 | Triage

Submit
Reports

Overview

overview

Static

static

8

6ca375ce8d...d8.exe

windows7_x64

6ca375ce8d...d8.exe

windows10_x64

Sharing

General

Target

6ca375ce8d7caafb814fb3455edfafd8.exe
Size

154KB
Sample

201228-jj55g5plzs
MD5

6ca375ce8d7caafb814fb3455edfafd8
SHA1

38dbc1e721dadcf695c4f2e0ec1c7c1a1dea31bf
SHA256

0969327fda05101320538ec7c3df4ca3a024fdffc9ff58bcf5570a0960bd9df7
SHA512

adcf823d05bd0fa407a663fae3f4b0232acd7c41775f5ad3bd5d7570a609813da63f1522fe2497004d386a766de2c7e6f1d26f3177beb7a2d4da2a5a1d734de3

Score

10^/10

smokeloader backdoor bootkit persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6ca375ce8d7caafb814fb3455edfafd8.exe

Resource

win7v20201028

smokeloader backdoor bootkit persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6ca375ce8d7caafb814fb3455edfafd8.exe

Resource

win10v20201028

smokeloader backdoor trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://vtdilet.com/upload/

http://netvxi.com/upload/

http://tinnys.monster/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  6ca375ce8d7caafb814fb3455edfafd8.exe
- Size
  
  154KB
- MD5
  
  6ca375ce8d7caafb814fb3455edfafd8
- SHA1
  
  38dbc1e721dadcf695c4f2e0ec1c7c1a1dea31bf
- SHA256
  
  0969327fda05101320538ec7c3df4ca3a024fdffc9ff58bcf5570a0960bd9df7
- SHA512
  
  adcf823d05bd0fa407a663fae3f4b0232acd7c41775f5ad3bd5d7570a609813da63f1522fe2497004d386a766de2c7e6f1d26f3177beb7a2d4da2a5a1d734de3
Score

10^/10

smokeloader backdoor bootkit persistence trojan upx
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorbootkitpersistencetrojanupx

behavioral2

smokeloaderbackdoortrojanupx

© 2018-2024

Terms | Privacy