Overview

overview

10

Static

static

membin.exe

windows7_x64

10

membin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    membin

  • Size

    68KB

  • Sample

    210110-nlnjdk4n6j

  • MD5

    6cbf9d6d3c60014c52e25c3c6ac3897e

  • SHA1

    89d5c32bfbd07a43217b59118bd603947b91394e

  • SHA256

    391a0255cb43f87a85d4ccbf764e6d261775fc2be791df2ed6fd9a1a3a3e6e76

  • SHA512

    474480299b6428b1ffde64b950054ba27c175c852b420e1c0af66d8fb70c9b232edf955827b8abe62b82462044b79df4e31352ea3fe96bcf4d6f029d2629a3f3

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

https://dwajfjaiakdnsandks.com/

https://djsadoiasidnasnf.com/

https://jfsfkjsdfksfjsjafas.com/
rc4.i32
rc4.i32

Targets

    • Target

      membin

    • Size

      68KB

    • MD5

      6cbf9d6d3c60014c52e25c3c6ac3897e

    • SHA1

      89d5c32bfbd07a43217b59118bd603947b91394e

    • SHA256

      391a0255cb43f87a85d4ccbf764e6d261775fc2be791df2ed6fd9a1a3a3e6e76

    • SHA512

      474480299b6428b1ffde64b950054ba27c175c852b420e1c0af66d8fb70c9b232edf955827b8abe62b82462044b79df4e31352ea3fe96bcf4d6f029d2629a3f3

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks