erbium | 2123f46b435c2e8765a882624a35060d86226424c97a2b2a9edad4b75bd0ba3f | Triage

Submit
Reports

Overview

overview

Static

static

ab606f1f97...52.exe

windows7-x64

ab606f1f97...52.exe

windows10-2004-x64

Resubmissions

17/10/2022, 14:20

221017-rnkfvacaf6 10

15/10/2022, 17:37

221015-v65raafhaq 10

Sharing

Copy URL Twitter E-mail

General

Target

ab606f1f97bbc65edd55952a2daf2252.exe
Size

213KB
Sample

221017-rnkfvacaf6
MD5

ab606f1f97bbc65edd55952a2daf2252
SHA1

1ec0354c1f2a2ef61f3193511ea172f947734b13
SHA256

2123f46b435c2e8765a882624a35060d86226424c97a2b2a9edad4b75bd0ba3f
SHA512

483f86ad28e5c61a52eb8d874d82fbe559f3386b189b5e856fd5fabf9ad3fa604790828164e4e6249462fefb7183ee1f9f4a3ab93166501f29e740510eaafdac
SSDEEP

6144:Tv2LdFDqNR8H1N108GtQlOM0d80N6tzOZ:Tv2BFDqNRMN108iQlOxN6ROZ

Score

10^/10

erbium smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab606f1f97bbc65edd55952a2daf2252.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab606f1f97bbc65edd55952a2daf2252.exe

Resource

win10v2004-20220901-en

erbium smokeloader backdoor spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

erbium

C2

http://77.73.133.53/cloud/index.php

Targets

- Target
  
  ab606f1f97bbc65edd55952a2daf2252.exe
- Size
  
  213KB
- MD5
  
  ab606f1f97bbc65edd55952a2daf2252
- SHA1
  
  1ec0354c1f2a2ef61f3193511ea172f947734b13
- SHA256
  
  2123f46b435c2e8765a882624a35060d86226424c97a2b2a9edad4b75bd0ba3f
- SHA512
  
  483f86ad28e5c61a52eb8d874d82fbe559f3386b189b5e856fd5fabf9ad3fa604790828164e4e6249462fefb7183ee1f9f4a3ab93166501f29e740510eaafdac
- SSDEEP
  
  6144:Tv2LdFDqNR8H1N108GtQlOM0d80N6tzOZ:Tv2BFDqNRMN108iQlOxN6ROZ
Score

10^/10

smokeloader backdoor trojan erbium spyware stealer
- Detects Smokeloader packer
- Erbium
  Erbium is an infostealer written in C++ and first seen in July 2022.
  stealer erbium
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

erbiumsmokeloaderbackdoorspywarestealertrojan

© 2018-2025

Terms | Privacy