General

  • Target: file.exe
  • Size: 316KB
  • Sample: 221122-llgdhscc9t
  • MD5: fc07297b72e3b3731d82f1e8f3fe5387
  • SHA1: 4432ac12529925380f785f986be69d84daf7973c
  • SHA256: e7d3d06f6affb4914434bcc5610348732ef1e36fc0c00df0c64538e9c424edb7
  • SHA512: 48e7e74ff2ef66952a57736804cd16e9e1f2edd36d2449e51def68507fa039c42781e5d4c37f6afc01abc4434de672a247ba046ca7dd1d861d8030159f350376
  • SSDEEP: 6144:gmuPqQvIJuqtIcfeYOOPIgY22tThsIeGjY6YML:UqijqtIuO4G22ZVEpML

Malware Config

Targets

    • Detects Smokeloader packer
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks