smokeloader | 7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72
Size

273KB
Sample

221005-nyv4jsedhj
MD5

68467323a4ce2ba905d8eaa4d4776393
SHA1

0e14019799ee85d2cdce58a6b79b1cce534b384b
SHA256

7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72
SHA512

3ce641c3b2e4e8b5062be7af127dfb6f477b1a69643dbae67518f4f58ea928f1197bfb3f73f98f4994595771c7ed18961b11d0b206ebd0684f3f78a765f59cac
SSDEEP

6144:e+fq4ifLTv/LRmMgY20SV4buzbgwuW03wVf:eyq4ifPv/1GYquunnj

Score

10^/10

smokeloader backdoor pyinstaller spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72.exe

Resource

win10-20220812-en

smokeloader backdoor pyinstaller spyware stealer trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72
- Size
  
  273KB
- MD5
  
  68467323a4ce2ba905d8eaa4d4776393
- SHA1
  
  0e14019799ee85d2cdce58a6b79b1cce534b384b
- SHA256
  
  7e89abb6c63fe75863aa690ab42f2a3f0036d729e138357fbb0640be0be83d72
- SHA512
  
  3ce641c3b2e4e8b5062be7af127dfb6f477b1a69643dbae67518f4f58ea928f1197bfb3f73f98f4994595771c7ed18961b11d0b206ebd0684f3f78a765f59cac
- SSDEEP
  
  6144:e+fq4ifLTv/LRmMgY20SV4buzbgwuW03wVf:eyq4ifPv/1GYquunnj
Score

10^/10

smokeloader backdoor pyinstaller spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpyinstallerspywarestealertrojan

© 2018-2024

Terms | Privacy