Overview

overview

10

Static

static

116b612864...a6.exe

windows7-x64

10

116b612864...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    116b612864fc76ce6cdb26d99eacc0597c09e09ebe102acc4bb2d0fdb087d3a6

  • Size

    127KB

  • Sample

    221123-z3zhbaed67

  • MD5

    d53805cccbbf17d4d5cb33278836f43a

  • SHA1

    637d506cf4815c7d5fd1e4cd91cd1e3d312bb94f

  • SHA256

    ec38cce99c16dd527df5b2cbe30af476ece480a5d1f8a816ac3b5ae8fbf2a2ec

  • SHA512

    c928b67ff5c004bcb36b3ec6632fa2121ebffcb72aa47bd15c87adb95871a864972c913f834ef267f2c418457afd0c2b786badee919004cccd8a6972aa95414c

  • SSDEEP

    3072:nCd1CFCPr8S7xJVSNT+dcoV6kFDn+4XV7d9h/m9TU:CHCFxqNSNT+dcoV6qiGLb/m94

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      116b612864fc76ce6cdb26d99eacc0597c09e09ebe102acc4bb2d0fdb087d3a6

    • Size

      186KB

    • MD5

      036d40eefb90349f85693022de4ebc86

    • SHA1

      374412425c991d9f43735139b1f26877ce0ca455

    • SHA256

      116b612864fc76ce6cdb26d99eacc0597c09e09ebe102acc4bb2d0fdb087d3a6

    • SHA512

      1b57b8f8485994dbfe66ad7cd6ee7bcede9221f9cee75205d284aec8a236866f7704e170d6eddc870b4adece744531fcec227a4844dc07d75c5e5d96662429fc

    • SSDEEP

      3072:PuuR1LmfXLEjoWnck5Fwe0zQygV6kFDn+4XVxshRudBZ:2uCvLEjocVcQB6qiGguvZ

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks