smokeloader | f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543
Size

317KB
Sample

220125-2w3mhaggem
MD5

9d2468099aa2f693642790f0312f5fb1
SHA1

ea24e81a4314eae7abe8de96aa03844691fe1e35
SHA256

f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543
SHA512

0dc4177039b797caab26a23b225a6fba1962d2302f603e7c2fa2ebea2b4f5bf9bd7e4c79af890409f5ffdfcb5e9867f0a100c5104a561502c02da9530a693432

Score

10^/10

smokeloader backdoor collection evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543.exe

Resource

win10-en-20211208

smokeloader backdoor collection evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543
- Size
  
  317KB
- MD5
  
  9d2468099aa2f693642790f0312f5fb1
- SHA1
  
  ea24e81a4314eae7abe8de96aa03844691fe1e35
- SHA256
  
  f0dc732a1e1f8d6e554ab36653632de8723d43a4da505c388609f5ed63816543
- SHA512
  
  0dc4177039b797caab26a23b225a6fba1962d2302f603e7c2fa2ebea2b4f5bf9bd7e4c79af890409f5ffdfcb5e9867f0a100c5104a561502c02da9530a693432
Score

10^/10

smokeloader backdoor collection evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectionevasionsuricatatrojan

© 2018-2024

Terms | Privacy