Overview

overview

10

Static

static

406cd7548c...1d.exe

windows7_x64

10

406cd7548c...1d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    406cd7548ccfafd8d86ae3195203847a5197df423721b3c8375d00ab08a7a91d

  • Size

    250KB

  • Sample

    220708-v3arqsega6

  • MD5

    b9276248f6f0cc3791a9fc138c7e5cd6

  • SHA1

    926595afcdd25fb3425e7483ef56b543a9042ba0

  • SHA256

    406cd7548ccfafd8d86ae3195203847a5197df423721b3c8375d00ab08a7a91d

  • SHA512

    f64adeef8d7ebe297b4c4c558c5ca7bcdc267eeeaeade556bbce1eb0fd51c8cc22f5c5b0ebbd3cb0aadfbf5b87436f727ee0666eca2b0f9cc80ebfbb78ec50d5

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://lufdx2.com/2/

http://gvs1.in/2/

http://jdcbhs.ru/2/

http://m21ch.com/2/

http://gdlvw1.com/2/
rc4.i32
rc4.i32

Targets

    • Target

      406cd7548ccfafd8d86ae3195203847a5197df423721b3c8375d00ab08a7a91d

    • Size

      250KB

    • MD5

      b9276248f6f0cc3791a9fc138c7e5cd6

    • SHA1

      926595afcdd25fb3425e7483ef56b543a9042ba0

    • SHA256

      406cd7548ccfafd8d86ae3195203847a5197df423721b3c8375d00ab08a7a91d

    • SHA512

      f64adeef8d7ebe297b4c4c558c5ca7bcdc267eeeaeade556bbce1eb0fd51c8cc22f5c5b0ebbd3cb0aadfbf5b87436f727ee0666eca2b0f9cc80ebfbb78ec50d5

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks