smokeloader | 629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
Size

304KB
Sample

220521-t91q3adeak
MD5

bf2ecf39567f1fff298c49881148a3b8
SHA1

2b41022b6b9b7cb5d77951dab3c023fb8c7cf809
SHA256

629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
SHA512

bfbb7f24ccd352b9b89d383e0aa91c7ddaa9bb24ffb160a9f2e29f14a8686db0e1efd7e8129a75ccc6f330eae955c28d8d5513227a1ba58a2eec83fba4d9be31

Score

10^/10

smokeloader backdoor evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9.exe

Resource

win10v2004-20220414-en

smokeloader backdoor evasion suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://ny-city-mall.com/search.php

https://fresh-cars.net/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
- Size
  
  304KB
- MD5
  
  bf2ecf39567f1fff298c49881148a3b8
- SHA1
  
  2b41022b6b9b7cb5d77951dab3c023fb8c7cf809
- SHA256
  
  629a20c37a4f23583a09634a1e8fbe14a2bdb1cb0af2faae5c5c45eafdfbecc9
- SHA512
  
  bfbb7f24ccd352b9b89d383e0aa91c7ddaa9bb24ffb160a9f2e29f14a8686db0e1efd7e8129a75ccc6f330eae955c28d8d5513227a1ba58a2eec83fba4d9be31
Score

10^/10

smokeloader backdoor evasion suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Modifies Windows Firewall
  evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorevasionsuricatatrojan

© 2018-2024

Terms | Privacy