Overview

overview

10

Static

static

f44390ffb9...78.exe

windows7_x64

10

f44390ffb9...78.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4571024377806848.zip

  • Size

    87KB

  • Sample

    210303-jeamm3v3ss

  • MD5

    150507bcd593b056bd0338bc23f122cb

  • SHA1

    9e9076034d4640c939ee1fedae33eba21aa0bb1a

  • SHA256

    e62238a7e1dae088702213479cb78f9a433a9e38e8417f6c24f89366a68d9f48

  • SHA512

    6cdded2a8150c4606c4e409d6a63b2e1ebe031fd92f661f124176fd3a80fccbb125539e452e17f8b5398835ec47b46d45718429b30dacf71390abf1eae4ba608

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://milliaoin.info/

http://lionoi.adygeya.su/

http://ionoiddi.mangyshlak.su/

http://missidiowi.xyz/

http://io90s8dudi.xyz/
rc4.i32
rc4.i32

Targets

    • Target

      f44390ffb91a02f0ae930e226ffcaa92e68304fd87dafce10373415f5f01b978

    • Size

      164KB

    • MD5

      5744b886d294cc26d7ef92f2d06da91a

    • SHA1

      d20305827dde89bff2cafd7a6db2c27fed00cec9

    • SHA256

      f44390ffb91a02f0ae930e226ffcaa92e68304fd87dafce10373415f5f01b978

    • SHA512

      5333050c1e0c805c27e2ae33466708828f9dcf3fb46ebf25d5e13f5f84724960876fbfb41ba302ddad144630075199504510c7217659933b602c1c777e87e19f

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks