Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    186KB

  • Sample

    221123-mmpxqaee25

  • MD5

    134701afe1946ef02dd43616ea9ad100

  • SHA1

    5a7dc7947a3824e81ed893ba03886d84092c5bae

  • SHA256

    a0a9dc9dca037ec22207239bf99c94e577ef00fe6bfa959088377d7fc3ac4912

  • SHA512

    0ffafcfd26d00823fe9d137ee812ca6fe7bce02cd7f0046dc10eecb579cc435a04896f52f34790aee0987eca9fedb51c4e24de328609485df27c6090e24cda05

  • SSDEEP

    3072:MDusvefFLMLCmFW4xO5leU1ln/4oiKSIviu:Cu5L6rFvw1h/4oRSIa

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      186KB

    • MD5

      134701afe1946ef02dd43616ea9ad100

    • SHA1

      5a7dc7947a3824e81ed893ba03886d84092c5bae

    • SHA256

      a0a9dc9dca037ec22207239bf99c94e577ef00fe6bfa959088377d7fc3ac4912

    • SHA512

      0ffafcfd26d00823fe9d137ee812ca6fe7bce02cd7f0046dc10eecb579cc435a04896f52f34790aee0987eca9fedb51c4e24de328609485df27c6090e24cda05

    • SSDEEP

      3072:MDusvefFLMLCmFW4xO5leU1ln/4oiKSIviu:Cu5L6rFvw1h/4oRSIa

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks