smokeloader | 3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf
Size

317KB
Sample

220125-d93mnagadq
MD5

9717203f29118d2e0f5a85c6472f2af1
SHA1

c2319522002994dc37bf63f7f8bf54f73b1397a9
SHA256

3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf
SHA512

629480a0f9d52fd983c2b6e0ac79b7f05537d5c9bb02d4fb39cedae8cfffc3731da107ea90a352b2a4bdaa7232904f9d0b3ed3b1820c608bcdd1fc39aa0e52b7

Score

10^/10

smokeloader backdoor evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf.exe

Resource

win10-en-20211208

smokeloader backdoor evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf
- Size
  
  317KB
- MD5
  
  9717203f29118d2e0f5a85c6472f2af1
- SHA1
  
  c2319522002994dc37bf63f7f8bf54f73b1397a9
- SHA256
  
  3d943b4db1f8f85c9437a991ca76ad8c45f217c94a357b98780a3a6c4e7152cf
- SHA512
  
  629480a0f9d52fd983c2b6e0ac79b7f05537d5c9bb02d4fb39cedae8cfffc3731da107ea90a352b2a4bdaa7232904f9d0b3ed3b1820c608bcdd1fc39aa0e52b7
Score

10^/10

smokeloader backdoor evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorevasionsuricatatrojan

© 2018-2024

Terms | Privacy