smokeloader | 4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
Size

357KB
Sample

220126-14gvbsbbbk
MD5

a5a3552609dd9aeb0333271b7480433f
SHA1

4f1f224748911e46d835eaf2f3ed30db739861c4
SHA256

4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
SHA512

499f4111a3370f8eaa8dcc56df71d25546b5960ea3d0b3eaae2667ec58aa84b16e8a91090c250c14234930dc59b61fe169dd0dfb2344ebdb64a09303726bc07a

Score

10^/10

smokeloader backdoor evasion persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a.exe

Resource

win10v2004-en-20220112

smokeloader backdoor evasion persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
- Size
  
  357KB
- MD5
  
  a5a3552609dd9aeb0333271b7480433f
- SHA1
  
  4f1f224748911e46d835eaf2f3ed30db739861c4
- SHA256
  
  4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
- SHA512
  
  499f4111a3370f8eaa8dcc56df71d25546b5960ea3d0b3eaae2667ec58aa84b16e8a91090c250c14234930dc59b61fe169dd0dfb2344ebdb64a09303726bc07a
Score

10^/10

smokeloader backdoor evasion persistence suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorevasionpersistencesuricatatrojan

© 2018-2024

Terms | Privacy