Overview

overview

10

Static

static

7baa6cea4b...a4.exe

windows7_x64

10

7baa6cea4b...a4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7baa6cea4b9b1b0f66ffb2b9d93d53a4.exe

  • Size

    32KB

  • Sample

    210416-y9e771ps1x

  • MD5

    7baa6cea4b9b1b0f66ffb2b9d93d53a4

  • SHA1

    102d149736c11dc870886dc7e2c815478f5edb53

  • SHA256

    8d27b92f0d5ee664cc8801c64cb090034fc42cdede43f96a638420e183ffc73a

  • SHA512

    bbdfae542dbd5cda2e31fb3e9bcdc9705935a93efa1d4b133fd72430d042da2a216ff328865366dbebc5873d2ec46d8e1187b6644bcc5ac277ab6f34bba33c21

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://melonco.com/0/

rc4.i32
rc4.i32

Targets

    • Target

      7baa6cea4b9b1b0f66ffb2b9d93d53a4.exe

    • Size

      32KB

    • MD5

      7baa6cea4b9b1b0f66ffb2b9d93d53a4

    • SHA1

      102d149736c11dc870886dc7e2c815478f5edb53

    • SHA256

      8d27b92f0d5ee664cc8801c64cb090034fc42cdede43f96a638420e183ffc73a

    • SHA512

      bbdfae542dbd5cda2e31fb3e9bcdc9705935a93efa1d4b133fd72430d042da2a216ff328865366dbebc5873d2ec46d8e1187b6644bcc5ac277ab6f34bba33c21

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks