Overview

overview

10

Static

static

4ad7edece0...3c.exe

windows7_x64

10

4ad7edece0...3c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ad7edece0219c510a320143200f7f65985bfcf3c237f14e25fdcb7a0575a93c

  • Size

    456KB

  • Sample

    220625-v6srqadgar

  • MD5

    1257ddc34adcd280abf6c9035bd84a5c

  • SHA1

    4e0786eaef0cbd39e1c5d1932c36eab1d64cd2df

  • SHA256

    4ad7edece0219c510a320143200f7f65985bfcf3c237f14e25fdcb7a0575a93c

  • SHA512

    079fc8bbe872f4ff995093f5a1ab54293da568ef34bbcdfe866525635b8793af6b0aa0272e063c6becba5c5f0c15048c44e1c71cc19a7a38ca456b4b87a1d13e

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://bepargotunhis.host/smkbg/

http://somatedsedse.host/smkbg/
rc4.i32
rc4.i32

Targets

    • Target

      4ad7edece0219c510a320143200f7f65985bfcf3c237f14e25fdcb7a0575a93c

    • Size

      456KB

    • MD5

      1257ddc34adcd280abf6c9035bd84a5c

    • SHA1

      4e0786eaef0cbd39e1c5d1932c36eab1d64cd2df

    • SHA256

      4ad7edece0219c510a320143200f7f65985bfcf3c237f14e25fdcb7a0575a93c

    • SHA512

      079fc8bbe872f4ff995093f5a1ab54293da568ef34bbcdfe866525635b8793af6b0aa0272e063c6becba5c5f0c15048c44e1c71cc19a7a38ca456b4b87a1d13e

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks