Overview

overview

10

Static

static

46aec41c3b...17.exe

windows7_x64

10

46aec41c3b...17.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17

  • Size

    356KB

  • Sample

    220707-jwrwwsaah3

  • MD5

    10dd5160a2f6a3478d45db45ed5ba689

  • SHA1

    e5f76fcf92d3819006213bc9c9c069f1f4f18ff8

  • SHA256

    46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17

  • SHA512

    46aaba0eb1c11eeb6611ae61f3d10492b0f39c6536511848532715d5128f2726f135dfb4b0b9941b7e7f2fb540f2784935f3fc4e891d7b8bb9d6ce400dc57b4d

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://klub11n.se/zb/

rc4.i32
rc4.i32

Targets

    • Target

      46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17

    • Size

      356KB

    • MD5

      10dd5160a2f6a3478d45db45ed5ba689

    • SHA1

      e5f76fcf92d3819006213bc9c9c069f1f4f18ff8

    • SHA256

      46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17

    • SHA512

      46aaba0eb1c11eeb6611ae61f3d10492b0f39c6536511848532715d5128f2726f135dfb4b0b9941b7e7f2fb540f2784935f3fc4e891d7b8bb9d6ce400dc57b4d

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks