Overview

overview

10

Static

static

10

25959cfe46...e0.exe

windows7_x64

10

25959cfe46...e0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0

  • Size

    308KB

  • Sample

    210305-9nj6dfky4n

  • MD5

    c067e0a2d7fc6092bb77abc7f7156b60

  • SHA1

    52f68073caec0fd424c7cbaaed5f5221d7103d20

  • SHA256

    25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0

  • SHA512

    685145c679413f82101c328ce4264c5f84d0347db1c5170e16d8a459b9ad12a87bf5e718e049e5c9c639e22197ee26d4aa33fac8c133b9d86772dfe1a8068dfc

Score
10/10
netwalkersmokeloaderbackdoorcryptonepackerransomwaretrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://pukupoko.top/

http://halyavapridi.top/

http://holofrew.me/
rc4.i32
rc4.i32

Targets

    • Target

      25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0

    • Size

      308KB

    • MD5

      c067e0a2d7fc6092bb77abc7f7156b60

    • SHA1

      52f68073caec0fd424c7cbaaed5f5221d7103d20

    • SHA256

      25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0

    • SHA512

      685145c679413f82101c328ce4264c5f84d0347db1c5170e16d8a459b9ad12a87bf5e718e049e5c9c639e22197ee26d4aa33fac8c133b9d86772dfe1a8068dfc

    Score
    10/10
    smokeloaderbackdoortrojannetwalkercryptonepackerransomware

    • Detected Netwalker Ransomware

      Detected unpacked Netwalker executable.

    • Netwalker Ransomware

      Ransomware family with multiple versions. Also known as MailTo.

      ransomwarenetwalker

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks