Overview

overview

10

Static

static

582f1533d0...8b.exe

windows7_x64

10

582f1533d0...8b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5457818946404352.zip

  • Size

    109KB

  • Sample

    210303-ef6bryp2l6

  • MD5

    a644f9da053b0abb420090c1df859942

  • SHA1

    6c539a753fdfda2fc8d39de71b3bfac837e7ac45

  • SHA256

    b1274ba8308ca3f44a7c101d64d4d788a1b3d7ef0810b87d39885b552fadd3e5

  • SHA512

    bc0a5eb597400b375ab86c78f6e4ae1c20838fb6c3fb21856cd3b7f7e20fb6b5ea95fcd4844d15009de23204368671f48d12d9ff3c67f1aa115df04a8202ff44

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://milliaoin.info/

http://lionoi.adygeya.su/

http://ionoiddi.mangyshlak.su/

http://missidiowi.xyz/

http://io90s8dudi.xyz/
rc4.i32
rc4.i32

Targets

    • Target

      582f1533d05d514fb4523220ce47b4a3d4e18f47eead75316fd4c49687d84a8b

    • Size

      235KB

    • MD5

      553d878e947f567de9b642bec5b25971

    • SHA1

      d61117811226a5b93dec1839c0bdbeffce2ea9e5

    • SHA256

      582f1533d05d514fb4523220ce47b4a3d4e18f47eead75316fd4c49687d84a8b

    • SHA512

      969586898d8b24bd0995f2026ae3f2f55ca21a5133f13d66fc9a6784aba5f3c7505c89300cb87b8c44bb88935a3a857dd461a9ffa5be181801973f7c9301741b

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks