General

  • Target

    zznyr.zip

  • Size

    119KB

  • Sample

    210505-3r8dfdvcn2

  • MD5

    df9b3aaced175714b37ebd413b091821

  • SHA1

    62ede32d767f5da5cceedb2951205c0866667d8c

  • SHA256

    44bbed0f5e98d6fe0614be844e761ebec1cc4f7f094c959e8f4f9eb61e285316

  • SHA512

    d19dc16fc2637ece1962f427b88f6233018b7e76e0fe62edf26ec555f19d0c37bec9358e63651b72879c3b770545fc0633c95d63e90a6b8e8f92371609cb1906

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/

rc4.i32
rc4.i32

Targets

    • Target

      zznyr.exe

    • Size

      216KB

    • MD5

      5fc0c71d463587258605f2d02e09a5a4

    • SHA1

      06496f6112c381595c33117d464e5661c8ba0446

    • SHA256

      c70cc295c2122ca685c61b19d669508964ecb089259e7cb8c366ede726d08e06

    • SHA512

      763d76ecb89dc7fc14e6af3ad4e89de1684b0f53fabbe482137a60770a8c1ba73c274dd1813a6fcd7e2ac911aaab62f29f84b36e0ec5c74308135017495b240d

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL
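The extracted C2 list and the file hashes above are the actionable part of this report. The following Python block is an added example, not part of the sandbox output or of SmokeLoader itself: it normalises the C2 URLs to hostnames, matches hosts exactly or as subdomains (rather than by registered domain, since several C2s sit under shared public zones such as chimkent.su and dagestan.su, where domain-level matching would flag unrelated hosts), scans a few constructed proxy and DNS log lines for hits, and checks a file's SHA256 against the hashes listed for zznyr.zip and zznyr.exe. The log lines and their format are made up for illustration.

```python
"""IOC matcher for the SmokeLoader sample in this report.

Added example: the C2 URLs and SHA256 values come from the report; the log
lines, log format and helper names below are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's config.
C2_URLS = [
    "http://etasuklavish.today/",
    "http://mragyzmachnobesdi.today/",
    "http://kimchinikuzims.today/",
    "http://slacvostinrius.today/",
    "http://straponuliusyn.today/",
    "http://grammmdinss.today/",
    "http://viprasputinsd.chimkent.su/",
    "http://lupadypa.dagestan.su/",
    "http://stoknolimchin.exnet.su/",
    "http://musaroprovadnikov.live/",
    "http://teemforyourexprensiti.life/",
    "http://stolkgolmishutich.termez.su/",
    "http://roompampamgandish.wtf/",
]

# SHA256 of the archive and of the dropped PE, as listed in the report.
KNOWN_SHA256 = {
    "44bbed0f5e98d6fe0614be844e761ebec1cc4f7f094c959e8f4f9eb61e285316": "zznyr.zip",
    "c70cc295c2122ca685c61b19d669508964ecb089259e7cb8c366ede726d08e06": "zznyr.exe",
}


def c2_hosts(urls=C2_URLS):
    """Lower-cased hostnames from the C2 URLs, scheme and path stripped."""
    return {urlparse(u).hostname.lower().rstrip(".") for u in urls}


def host_matches(host, iocs):
    """True if host equals an IOC host or is a subdomain of one.

    Matching on the full C2 host instead of its registered domain keeps
    other.dagestan.su from firing on the lupadypa.dagestan.su indicator.
    """
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


# Constructed log lines (squid-style proxy access log and a DNS query log).
SAMPLE_LOGS = [
    "1620200000.123 10.0.0.5 TCP_MISS/200 412 GET http://etasuklavish.today/ - HIER_DIRECT/203.0.113.7 text/html",
    "1620200001.456 10.0.0.5 TCP_MISS/200 1020 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1620200002.789 10.0.0.9 TCP_DENIED/403 0 CONNECT stoknolimchin.exnet.su:443 - HIER_NONE/- -",
    "2021-05-05T12:00:03Z dns client=10.0.0.12 query=A name=lupadypa.dagestan.su",
    "2021-05-05T12:00:04Z dns client=10.0.0.12 query=A name=other.dagestan.su",
]

# Any dotted token; IPs and version strings are caught too but never match an IOC.
HOST_TOKEN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def scan_logs(lines, iocs=None):
    """Return (line_number, matched_host) for every log line that touches a C2."""
    iocs = iocs if iocs is not None else c2_hosts()
    hits = []
    for lineno, line in enumerate(lines, 1):
        for candidate in HOST_TOKEN_RE.findall(line):
            if host_matches(candidate, iocs):
                hits.append((lineno, candidate.lower()))
                break  # one hit per line is enough for triage
    return hits


def check_file_hash(data, known=KNOWN_SHA256):
    """Return the report's file name if data's SHA256 is a listed sample, else None."""
    return known.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for lineno, host in scan_logs(SAMPLE_LOGS):
        print(f"line {lineno}: C2 contact with {host}")
    print("unknown file:", check_file_hash(b"not the sample"))
```

Run against real proxy or DNS logs, the constructed SAMPLE_LOGS list is simply replaced by the file's lines; the hash check is meant for files recovered from the host (the zip and the dropped zznyr.exe), since SmokeLoader deletes its own initial executable after staging, so the dropped copy is often the only artefact left on disk.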

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012), 1 match

  • Peripheral Device Discovery (T1120), 1 match

  • System Information Discovery (T1082), 1 match

Tasks