Overview

overview

10

Static

static

c2d0e05fe4...cb.exe

windows7-x64

10

c2d0e05fe4...cb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2d0e05fe40602957d0747f04c82abcb.exe

  • Size

    286KB

  • Sample

    221106-vlthhscea7

  • MD5

    c2d0e05fe40602957d0747f04c82abcb

  • SHA1

    592d5bbd221938923a428532b854024044fbdf80

  • SHA256

    6bc4e35ec25a914da558ec5057d0dde538e373411f137a5b15adca79200123b9

  • SHA512

    b7bbcb8fa777dd4f832ae677b2c27fd61dc658b70c77d79168b81cfeea6ee4b1863d8f6a13c4dc500e70d23f198af12f6b64c6470439a7da2d7a29ea16f4d58d

  • SSDEEP

    3072:0upJiecMVhA5LH6N9e8Y43cMCARrmT+l6gR:HiOzaa1Y/Gag

Score
10/10
smokeloaderbackdoordiscoveryspywarestealertrojan

Malware Config

Targets

    • Target

      c2d0e05fe40602957d0747f04c82abcb.exe

    • Size

      286KB

    • MD5

      c2d0e05fe40602957d0747f04c82abcb

    • SHA1

      592d5bbd221938923a428532b854024044fbdf80

    • SHA256

      6bc4e35ec25a914da558ec5057d0dde538e373411f137a5b15adca79200123b9

    • SHA512

      b7bbcb8fa777dd4f832ae677b2c27fd61dc658b70c77d79168b81cfeea6ee4b1863d8f6a13c4dc500e70d23f198af12f6b64c6470439a7da2d7a29ea16f4d58d

    • SSDEEP

      3072:0upJiecMVhA5LH6N9e8Y43cMCARrmT+l6gR:HiOzaa1Y/Gag

    Score
    10/10
    smokeloaderbackdoortrojandiscoveryspywarestealer

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks