smokeloader | ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2
Size

241KB
Sample

220127-e1g52afder
MD5

cffd474ad7818304eb575dae2b0c52b1
SHA1

b27607d79eed909c629cc78e0fbd1bb830470db7
SHA256

ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2
SHA512

1f9d7d934c81c902b19c877c150e1c44ce1db8b777b3bfd5099c20fca8c73a4861a98a2648751bbd9e6e0643218aad256b760555e559897ab2adcd26a6777975

Score

10^/10

smokeloader backdoor collection evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2.exe

Resource

win10-en-20211208

smokeloader backdoor collection evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2
- Size
  
  241KB
- MD5
  
  cffd474ad7818304eb575dae2b0c52b1
- SHA1
  
  b27607d79eed909c629cc78e0fbd1bb830470db7
- SHA256
  
  ee1f203a8db154c323fc1d72950a1ad367a94ca45da2ba726cbcb8708ab12cd2
- SHA512
  
  1f9d7d934c81c902b19c877c150e1c44ce1db8b777b3bfd5099c20fca8c73a4861a98a2648751bbd9e6e0643218aad256b760555e559897ab2adcd26a6777975
Score

10^/10

smokeloader backdoor collection evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectionevasionsuricatatrojan

© 2018-2024

Terms | Privacy