smokeloader | 5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed
Size

162KB
Sample

221121-nakynsga66
MD5

58d6e255dbe7c61d8d0fbb95f636e07d
SHA1

edc93156e996f0b2c811965efc760429ed712697
SHA256

5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed
SHA512

c691530ff1df298b45f99fde24a6adfcea8135f0287bac241cc3958c3778f71f0e50cb7bf5b60ca22504aa4eb4a08dc2183a47d8a499d3f2bb8931b88423ce76
SSDEEP

3072:Ta1qj1i73FFBLriH58uQ/12YCupmk2pQ7w5S4EVm/Wo:TEIi7H5rF3MoES4EY

Score

10^/10

smokeloader systembc backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed.exe

Resource

win10v2004-20220901-en

smokeloader systembc backdoor trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

89.248.163.218:443

Targets

- Target
  
  5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed
- Size
  
  162KB
- MD5
  
  58d6e255dbe7c61d8d0fbb95f636e07d
- SHA1
  
  edc93156e996f0b2c811965efc760429ed712697
- SHA256
  
  5e5a175ab4ae2763265a1a910b89aaee480142fbc73f3649aca13495509210ed
- SHA512
  
  c691530ff1df298b45f99fde24a6adfcea8135f0287bac241cc3958c3778f71f0e50cb7bf5b60ca22504aa4eb4a08dc2183a47d8a499d3f2bb8931b88423ce76
- SSDEEP
  
  3072:Ta1qj1i73FFBLriH58uQ/12YCupmk2pQ7w5S4EVm/Wo:TEIi7H5rF3MoES4EY
Score

10^/10

smokeloader systembc backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersystembcbackdoortrojan

© 2018-2024

Terms | Privacy