Overview

overview

10

Static

static

4d95c7b22d...b6.exe

windows7_x64

10

4d95c7b22d...b6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6

  • Size

    194KB

  • Sample

    220712-cyzwysfcaj

  • MD5

    f4cc45720860bc49e664d7b1b94e09ac

  • SHA1

    4a653d104aeb601dd501ca7a6eb5be8c9caccb2b

  • SHA256

    4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6

  • SHA512

    b787db6f5cad3deef45140df7e88c80e0b835c3e31dd85e4f5882e39307e3cd19b3262d91a018df3d2f85362ed92e09371b100770813d462829e6a23227925cc

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://mailcdn-office365.io/

http://update-vmware-service.com/

http://rocket365.to/
rc4.i32
rc4.i32

Targets

    • Target

      4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6

    • Size

      194KB

    • MD5

      f4cc45720860bc49e664d7b1b94e09ac

    • SHA1

      4a653d104aeb601dd501ca7a6eb5be8c9caccb2b

    • SHA256

      4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6

    • SHA512

      b787db6f5cad3deef45140df7e88c80e0b835c3e31dd85e4f5882e39307e3cd19b3262d91a018df3d2f85362ed92e09371b100770813d462829e6a23227925cc

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks