smokeloader | 2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa
Size

186KB
Sample

221123-ngtjdsgg97
MD5

20265014ad062dbae27ff0398b9f1cc6
SHA1

2bb048c1aeed663031b3056019f9cd543f7a9edc
SHA256

2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa
SHA512

e87415a86b797c4a59e1d07b774b6354361a9db5e79c0fdd9c59bbe418bcf31a2a0f9f6fff1326b99ed0992ce53952a1d5fba49f2a33a0c8a71849863b1aab96
SSDEEP

3072:oDuvOZCRgdLRzZRvWFJO5BzbGdeAnGv1hB8ZlPDzS2fKpKN:euh4LRltuOnkGNhB8LPXS2fCK

Score

10^/10

smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa.exe

Resource

win10v2004-20220812-en

smokeloader backdoor persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa
- Size
  
  186KB
- MD5
  
  20265014ad062dbae27ff0398b9f1cc6
- SHA1
  
  2bb048c1aeed663031b3056019f9cd543f7a9edc
- SHA256
  
  2ec66b67ec0734dbf1048b2f71a969e5915deeefc75aea61a91e079fc5720eaa
- SHA512
  
  e87415a86b797c4a59e1d07b774b6354361a9db5e79c0fdd9c59bbe418bcf31a2a0f9f6fff1326b99ed0992ce53952a1d5fba49f2a33a0c8a71849863b1aab96
- SSDEEP
  
  3072:oDuvOZCRgdLRzZRvWFJO5BzbGdeAnGv1hB8ZlPDzS2fKpKN:euh4LRltuOnkGNhB8LPXS2fCK
Score

10^/10

smokeloader backdoor persistence trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy