General

  • Target

    file.exe

  • Size

    286KB

  • Sample

    221105-mmnpnafch6

  • MD5

    be50ca237f863bdba5da3a8611d35bc2

  • SHA1

    ed2cecd55057023782f216aeb296a3a7eae0f92f

  • SHA256

    ede1c9f32404351fc3dbd389b7dc0734b95586f2827dffa01dc0482549855202

  • SHA512

    536e2dff104fd043441a1a48531e4e86039165d28b342a7f550d7f2078a99ba6e0609dea2665c6e532caaeb15c65a57fe3f2dbcae7a64025183460b966674548

  • SSDEEP

    3072:YYqDquggQLf5q0fTrraXB75J8Nu/ttYmd7eUXDw/AnUs:/qfQk0fmPeiKAlDwIUs

Malware Config

Targets

    • Target

      file.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks