Overview

overview

10

Static

static

4028a9f457...2f.exe

windows7_x64

10

4028a9f457...2f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f

  • Size

    288KB

  • Sample

    220708-zw6ytahagj

  • MD5

    0bc92a75fc68d187be62dc5922a3822f

  • SHA1

    58c17080b7e55bfe31d66ad848fd54a492569a64

  • SHA256

    4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f

  • SHA512

    11cc4b13652635a4e9c3cf0bc992d9118852276e8d0b6afc7acc346b4233f57e807b05e15f658554d6354613cdef6f2a18d04e4923036647cdf65ccd35f6b512

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://js0c892.se/kw/

rc4.i32
rc4.i32

Targets

    • Target

      4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f

    • Size

      288KB

    • MD5

      0bc92a75fc68d187be62dc5922a3822f

    • SHA1

      58c17080b7e55bfe31d66ad848fd54a492569a64

    • SHA256

      4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f

    • SHA512

      11cc4b13652635a4e9c3cf0bc992d9118852276e8d0b6afc7acc346b4233f57e807b05e15f658554d6354613cdef6f2a18d04e4923036647cdf65ccd35f6b512

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks