Overview

overview

10

Static

static

25c32a505e...dc.exe

windows7_x64

10

25c32a505e...dc.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25c32a505e4d2cdf8a7686a897482cf1511a682768d67907ce573531af3118dc

  • Size

    252KB

  • Sample

    220611-wnrmdaehg8

  • MD5

    9063c1775e11da7691346e7daa0cd238

  • SHA1

    e12356b4086b69eacd72a9fcaf36dcb0b7294b92

  • SHA256

    25c32a505e4d2cdf8a7686a897482cf1511a682768d67907ce573531af3118dc

  • SHA512

    abca6571223276716f8b8e8752b83ebc5cf68d3ca735bb15626193b0a29c73a48d6bdcf596749123d9af9225de2e77f9b6ac1a71144289b8432d60d408e79244

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://gvs1.in/3/

http://jdcbhs.ru/3/

http://m21ch.com/3/

http://cnocks.net/3/
rc4.i32
rc4.i32

Targets

    • Target

      25c32a505e4d2cdf8a7686a897482cf1511a682768d67907ce573531af3118dc

    • Size

      252KB

    • MD5

      9063c1775e11da7691346e7daa0cd238

    • SHA1

      e12356b4086b69eacd72a9fcaf36dcb0b7294b92

    • SHA256

      25c32a505e4d2cdf8a7686a897482cf1511a682768d67907ce573531af3118dc

    • SHA512

      abca6571223276716f8b8e8752b83ebc5cf68d3ca735bb15626193b0a29c73a48d6bdcf596749123d9af9225de2e77f9b6ac1a71144289b8432d60d408e79244

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks