smokeloader | 03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c
Size

247KB
Sample

211204-hyavqaaegl
MD5

06a4fbd475e2f13d3080d62ce527d5b5
SHA1

6a9cdfae612bdb024e3bf6fe53be57a28029e863
SHA256

03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c
SHA512

5b5b67b2636c515f70a0a147ccbdef48148ec63b5c37a44964db35f0cd29e8564fafcaf5c9a39c7b326a1506e0f491fa39679fb63e6ecf90dfea30a31a170913

Score

10^/10

smokeloader backdoor collection evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c.exe

Resource

win10-en-20211104

smokeloader backdoor collection evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c
- Size
  
  247KB
- MD5
  
  06a4fbd475e2f13d3080d62ce527d5b5
- SHA1
  
  6a9cdfae612bdb024e3bf6fe53be57a28029e863
- SHA256
  
  03c212dd83158c5095d3db450555d73966d352190b20f51c6580d1da7961f12c
- SHA512
  
  5b5b67b2636c515f70a0a147ccbdef48148ec63b5c37a44964db35f0cd29e8564fafcaf5c9a39c7b326a1506e0f491fa39679fb63e6ecf90dfea30a31a170913
Score

10^/10

smokeloader backdoor collection evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectionevasionsuricatatrojan

© 2018-2024

Terms | Privacy