Overview

overview

10

Static

static

a23071ca8b...ad.exe

windows7-x64

10

a23071ca8b...ad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a23071ca8b7cb1a2a85fd54efe3a5cf2f80470c9846efce69dd72d659f2670ad

  • Size

    114KB

  • Sample

    221127-yqd56sec74

  • MD5

    0b32392e2c5c4144bcb2e4ccd1259d8c

  • SHA1

    85e4e1e3ebf9142db8847cc6fa5c07052c9c3398

  • SHA256

    b5d6181c7534f65dfe895a97963cf0dd5ea60f03b8bd1c539425e8c3fd468848

  • SHA512

    e076600f8d4554ff149eba8fbdb73661608b38e1734f364ec54ae8d23d0d1476211598412334cdc0f9f33cc1d650fbef4fbe1bdf9ab2a93a01e52b8a1e0c1e27

  • SSDEEP

    3072:3LNofAhFcWiJqy6t2VLcDq3gDn7HhSrRFCwgC2UWl:3LuAzk6t24qu7hSr7CwglUWl

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      a23071ca8b7cb1a2a85fd54efe3a5cf2f80470c9846efce69dd72d659f2670ad

    • Size

      167KB

    • MD5

      da4afd549426c3e6295e9a72e3872cda

    • SHA1

      5e523e4069b17263af7e96afa24efd2227ec2158

    • SHA256

      a23071ca8b7cb1a2a85fd54efe3a5cf2f80470c9846efce69dd72d659f2670ad

    • SHA512

      9c34bfe0ae72461e88c086aaac8746e5a6e730223fcd2788e889432ebd25eba1acd4dcdd9917b9d180989a604b90e1ac5272187252140ad7631a97331b1a5d2a

    • SSDEEP

      3072:Wrd9Ya2ZukYxzS5baNcb/ZfnKIoq4+2pGSbAP:wPELYxwvBCIL4PGJP

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks