smokeloader | e3148cf77b9313eb1fc2d9c76ff98ea77c878321beb56481f23f37e6c6199ee9 | Triage

Submit
Reports

Overview

overview

Static

static

2021BR04IS15.doc

windows7_x64

2021BR04IS15.doc

windows10_x64

1

Sharing

General

Target

2021BR04IS15.doc
Size

1.4MB
Sample

210415-j12plvfr4n
MD5

dfaff4e0aad9296b882310322c211efa
SHA1

7bd779022d831e957078f699119bb60290cde3db
SHA256

e3148cf77b9313eb1fc2d9c76ff98ea77c878321beb56481f23f37e6c6199ee9
SHA512

fe9058f368d0ae3b2fa7feba3b07d0610398ab4093df582757d8efb491dab72b72aa0d27728da0704f272a7b700cc51b7e9a09efeed652a19d7f95a5b9d9bace

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

2021BR04IS15.doc

Resource

win7v20210408

smokeloader backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2021BR04IS15.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

httPs://paste.ee/r/Rbngj

ps1.dropper

httPs://paste.ee/r/ezAoz

Extracted

Family

smokeloader

Version

2018

C2

http://bristell.com/0/

rc4.i32

rc4.i32

Targets

- Target
  
  2021BR04IS15.doc
- Size
  
  1.4MB
- MD5
  
  dfaff4e0aad9296b882310322c211efa
- SHA1
  
  7bd779022d831e957078f699119bb60290cde3db
- SHA256
  
  e3148cf77b9313eb1fc2d9c76ff98ea77c878321beb56481f23f37e6c6199ee9
- SHA512
  
  fe9058f368d0ae3b2fa7feba3b07d0610398ab4093df582757d8efb491dab72b72aa0d27728da0704f272a7b700cc51b7e9a09efeed652a19d7f95a5b9d9bace
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

© 2018-2024

Terms | Privacy