Overview

overview

10

Static

static

4595fec466...b8.exe

windows7_x64

10

4595fec466...b8.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4595fec4663782656a5b7d10afc137959b845117eb187fbb301193689d976ab8

  • Size

    208KB

  • Sample

    220707-nksq9shad8

  • MD5

    839e94b6867d60c8b448f0d008bfdddf

  • SHA1

    0c811c40984e0695728e8a622031c93a5df0588f

  • SHA256

    4595fec4663782656a5b7d10afc137959b845117eb187fbb301193689d976ab8

  • SHA512

    31632e29730108eefd13f822c0bb11eb13e5e88dc957201fbfc78ac7c680d9e518552913f7935a56c1eb0a07df7f48ce332ccffac547dd487420777107fc51f1

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://gvs1.in/3/

http://jdcbhs.ru/3/

http://m21ch.com/3/

http://cnocks.net/3/
rc4.i32
rc4.i32

Targets

    • Target

      4595fec4663782656a5b7d10afc137959b845117eb187fbb301193689d976ab8

    • Size

      208KB

    • MD5

      839e94b6867d60c8b448f0d008bfdddf

    • SHA1

      0c811c40984e0695728e8a622031c93a5df0588f

    • SHA256

      4595fec4663782656a5b7d10afc137959b845117eb187fbb301193689d976ab8

    • SHA512

      31632e29730108eefd13f822c0bb11eb13e5e88dc957201fbfc78ac7c680d9e518552913f7935a56c1eb0a07df7f48ce332ccffac547dd487420777107fc51f1

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks