Overview

overview

10

Static

static

425b9cd4f2...27.exe

windows7_x64

10

425b9cd4f2...27.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    425b9cd4f233bf9c68bf2f965717e36348911ea057d3792ebc862caea077bf27

  • Size

    210KB

  • Sample

    220708-dacbeseccp

  • MD5

    4a664f5bfd63570f209fa6cf42467eaf

  • SHA1

    bd61a99af933bde5d4c341520e30b62034139c7c

  • SHA256

    425b9cd4f233bf9c68bf2f965717e36348911ea057d3792ebc862caea077bf27

  • SHA512

    62c17b99f91ede151fbd328ff7203efdc4cee1f11207f029b85065bacc426c9c585a4f7fd3fb970d1ff679367852cedff8fe2f7641873bf9ed43d9144a95b232

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://proxy-exe.bit/2/

http://kiyanka.club/2/

http://d3s1.me/2/
rc4.i32
rc4.i32

Targets

    • Target

      425b9cd4f233bf9c68bf2f965717e36348911ea057d3792ebc862caea077bf27

    • Size

      210KB

    • MD5

      4a664f5bfd63570f209fa6cf42467eaf

    • SHA1

      bd61a99af933bde5d4c341520e30b62034139c7c

    • SHA256

      425b9cd4f233bf9c68bf2f965717e36348911ea057d3792ebc862caea077bf27

    • SHA512

      62c17b99f91ede151fbd328ff7203efdc4cee1f11207f029b85065bacc426c9c585a4f7fd3fb970d1ff679367852cedff8fe2f7641873bf9ed43d9144a95b232

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks