Overview

overview

10

Static

static

7732.exe

windows7_x64

10

7732.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7732.exe

  • Size

    645KB

  • Sample

    210115-plpbnnwavj

  • MD5

    985eef0c558b24da15d417113acbf045

  • SHA1

    e8eeeb644b4498a8e27ebcc063d2a4f3c355eb83

  • SHA256

    7f40d0fe270f72aec76ec5348630f3b354ea4dd010d60edcdd865693824981de

  • SHA512

    6944467eeb9eb849a1a88b0a2c9cab6571c5c14b8f952064a3c261a7801da8a47fb979176dbf22d1c671fe5dee4ddccaee69dd6606835f91cbf666624c25db03

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://194.147.115.103/

https://194.147.115.103/
rc4.i32
rc4.i32

Targets

    • Target

      7732.exe

    • Size

      645KB

    • MD5

      985eef0c558b24da15d417113acbf045

    • SHA1

      e8eeeb644b4498a8e27ebcc063d2a4f3c355eb83

    • SHA256

      7f40d0fe270f72aec76ec5348630f3b354ea4dd010d60edcdd865693824981de

    • SHA512

      6944467eeb9eb849a1a88b0a2c9cab6571c5c14b8f952064a3c261a7801da8a47fb979176dbf22d1c671fe5dee4ddccaee69dd6606835f91cbf666624c25db03

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks