smokeloader | 3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e
Size

318KB
Sample

211203-xtv3eshbhq
MD5

392562636ab2d7aafc43c18a7540ef57
SHA1

326d538909ece8442b3c5c73869c24e56e24e181
SHA256

3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e
SHA512

e85f5f9c958a4f344cf88dc6fb126474d44381e92b6a0407818af74407e91c3d1ec436f6d8623bde25e1bf6cd62f43674ed48f4c52d9ce99e8abdfa84bcf9419

Score

10^/10

smokeloader backdoor collection evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e.exe

Resource

win10-en-20211104

smokeloader backdoor collection evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e
- Size
  
  318KB
- MD5
  
  392562636ab2d7aafc43c18a7540ef57
- SHA1
  
  326d538909ece8442b3c5c73869c24e56e24e181
- SHA256
  
  3d3df80f62c7b2ae830dcccf38626443004f61f0c44750cd8e8b3a84b615fc0e
- SHA512
  
  e85f5f9c958a4f344cf88dc6fb126474d44381e92b6a0407818af74407e91c3d1ec436f6d8623bde25e1bf6cd62f43674ed48f4c52d9ce99e8abdfa84bcf9419
Score

10^/10

smokeloader backdoor collection evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectionevasionsuricatatrojan

© 2018-2024

Terms | Privacy