Overview

overview

10

Static

static

4283ca37bf...4c.exe

windows7_x64

10

4283ca37bf...4c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4283ca37bfb638cf5beb9579af09eb1d40f11cedb7f5690ab36bc97a7af5c74c

  • Size

    356KB

  • Sample

    220625-cw99xachd4

  • MD5

    a3789a435139fbace70f534c17a6590a

  • SHA1

    8d75ed3179f4217736ee2b981e33d9e494e3c892

  • SHA256

    4283ca37bfb638cf5beb9579af09eb1d40f11cedb7f5690ab36bc97a7af5c74c

  • SHA512

    b4355d5c4f8d84558fb2f0459017646028c81721b96f4e21c73e995ced692bef216d1a1ac0a48ac61c6303dba77ac09110b4d984997ea5e77b2c08478c0d03e1

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://js0c892.se/wp/

rc4.i32
rc4.i32

Targets

    • Target

      4283ca37bfb638cf5beb9579af09eb1d40f11cedb7f5690ab36bc97a7af5c74c

    • Size

      356KB

    • MD5

      a3789a435139fbace70f534c17a6590a

    • SHA1

      8d75ed3179f4217736ee2b981e33d9e494e3c892

    • SHA256

      4283ca37bfb638cf5beb9579af09eb1d40f11cedb7f5690ab36bc97a7af5c74c

    • SHA512

      b4355d5c4f8d84558fb2f0459017646028c81721b96f4e21c73e995ced692bef216d1a1ac0a48ac61c6303dba77ac09110b4d984997ea5e77b2c08478c0d03e1

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks