Overview

overview

10

Static

static

1b51cfbc5d...db.exe

windows7_x64

10

1b51cfbc5d...db.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b51cfbc5d317f8391c06d9b12f1bae49933a4d2ed2bf02e2bbe50adebfefbdb

  • Size

    678KB

  • Sample

    220607-xsf7wadfcq

  • MD5

    5ae024bcec36515fe1675ada2937e973

  • SHA1

    c8e832af2e8a1dd61a4e8d0dbb51a639f8967bd6

  • SHA256

    1b51cfbc5d317f8391c06d9b12f1bae49933a4d2ed2bf02e2bbe50adebfefbdb

  • SHA512

    02a7e62d5aaa699414248651b2f17fad6d3b672ccde2d5358e285ac7a282a231cb8113bdf88a66ec6e85fec267e636ee6425e517c774abd4cf99aa052386bdf6

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://anotherblock.bit/

http://elepsices.bit/
rc4.i32
rc4.i32

Targets

    • Target

      1b51cfbc5d317f8391c06d9b12f1bae49933a4d2ed2bf02e2bbe50adebfefbdb

    • Size

      678KB

    • MD5

      5ae024bcec36515fe1675ada2937e973

    • SHA1

      c8e832af2e8a1dd61a4e8d0dbb51a639f8967bd6

    • SHA256

      1b51cfbc5d317f8391c06d9b12f1bae49933a4d2ed2bf02e2bbe50adebfefbdb

    • SHA512

      02a7e62d5aaa699414248651b2f17fad6d3b672ccde2d5358e285ac7a282a231cb8113bdf88a66ec6e85fec267e636ee6425e517c774abd4cf99aa052386bdf6

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks