smokeloader | 8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142
Size

189KB
Sample

220127-wnnwgsgfgm
MD5

7b1e062b4e8a82c519a9ab395d4b0b0f
SHA1

624d89d3dfb737d549215ce15055176d28fb4c61
SHA256

8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142
SHA512

0a177bb33274ace72d41ff47913cc182908dac693ef85a67f8317c801d4471b6f95878342a3d8635d8502de48d8979191fa67e8099efc4b0aaf404090f7ddc64

Score

10^/10

smokeloader backdoor collection evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142.exe

Resource

win10-en-20211208

smokeloader backdoor collection evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142
- Size
  
  189KB
- MD5
  
  7b1e062b4e8a82c519a9ab395d4b0b0f
- SHA1
  
  624d89d3dfb737d549215ce15055176d28fb4c61
- SHA256
  
  8f75ade281cef47a724bdba20add329b011faf640b3fd412453e85a2a98d9142
- SHA512
  
  0a177bb33274ace72d41ff47913cc182908dac693ef85a67f8317c801d4471b6f95878342a3d8635d8502de48d8979191fa67e8099efc4b0aaf404090f7ddc64
Score

10^/10

smokeloader backdoor collection evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Modifies Windows Firewall
  evasion
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectionevasionsuricatatrojan

© 2018-2024

Terms | Privacy