Overview

overview

10

Static

static

11268bd615...82.exe

windows7_x64

10

11268bd615...82.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6639490882633728.zip

  • Size

    111KB

  • Sample

    210303-f4dbagntn2

  • MD5

    170870753a789c43891df0e102315f56

  • SHA1

    99012de0a0a8988353cf718aef520963cf9ea7ca

  • SHA256

    376150a0f98a3a2421cec373e23ad236bf02fb93bb5f2ed5f9b283a2353b5435

  • SHA512

    ae039a54ecec058f5d5a08b1e1e7d75e96c99611b665de7fb8d8670384778088d9d5b4c8c91a31c93d205986ebc94db023d66de8d639f9aff98a68a316095f25

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://milliaoin.info/

http://lionoi.adygeya.su/

http://ionoiddi.mangyshlak.su/

http://missidiowi.xyz/

http://io90s8dudi.xyz/
rc4.i32
rc4.i32

Targets

    • Target

      11268bd6156fef367ce50abb98512123e3128423a6c21474b90e7248a9b95782

    • Size

      186KB

    • MD5

      06a985ab0cc1f730f91058851712d990

    • SHA1

      de5808615083090d87ac46534ba5ca3f1ad1c0ae

    • SHA256

      11268bd6156fef367ce50abb98512123e3128423a6c21474b90e7248a9b95782

    • SHA512

      27a6c4567cc99383d5c11d364e664783f475fe3bdbee6059b4e72abe157a285d99b42b27996079f08e748a489fa13dcd4918a197ef869ebe0df86afcaeb1592d

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks