smokeloader | 448c9cc1d7ec2eeae433ea0f955802adfbb6d97546c99855812c11942021776e | Triage

Submit
Reports

Overview

overview

Static

static

8

a803a2f303...a6.exe

windows7_x64

a803a2f303...a6.exe

windows10_x64

Sharing

General

Target

a803a2f303972e595f62c4f94fdab9a6.exe
Size

154KB
Sample

201229-2tcb6hjv6j
MD5

a803a2f303972e595f62c4f94fdab9a6
SHA1

0b880a5a3bd054a2bf25e1b07c6e50aeeacd261d
SHA256

448c9cc1d7ec2eeae433ea0f955802adfbb6d97546c99855812c11942021776e
SHA512

6166e53c3c55e77d18d0f6688ebf1b24daacd569a3766ada94bbc873915429c340d6acb4462f2eda21d891e1014184a7c2d1396cbb441bc1261afd3aa3116211

Score

10^/10

smokeloader backdoor trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a803a2f303972e595f62c4f94fdab9a6.exe

Resource

win7v20201028

smokeloader backdoor trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a803a2f303972e595f62c4f94fdab9a6.exe

Resource

win10v20201028

smokeloader backdoor trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://vtdilet.com/upload/

http://netvxi.com/upload/

http://tinnys.monster/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  a803a2f303972e595f62c4f94fdab9a6.exe
- Size
  
  154KB
- MD5
  
  a803a2f303972e595f62c4f94fdab9a6
- SHA1
  
  0b880a5a3bd054a2bf25e1b07c6e50aeeacd261d
- SHA256
  
  448c9cc1d7ec2eeae433ea0f955802adfbb6d97546c99855812c11942021776e
- SHA512
  
  6166e53c3c55e77d18d0f6688ebf1b24daacd569a3766ada94bbc873915429c340d6acb4462f2eda21d891e1014184a7c2d1396cbb441bc1261afd3aa3116211
Score

10^/10

smokeloader backdoor trojan upx
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojanupx

behavioral2

smokeloaderbackdoortrojanupx

© 2018-2024

Terms | Privacy