Overview

overview

10

Static

static

9af15bac59...62.exe

windows7-x64

10

9af15bac59...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9af15bac597933d319d212d65c13279fbcfcb0f5abda0eca3ad9ba0a78995362

  • Size

    115KB

  • Sample

    221127-zdxbnaga79

  • MD5

    79595386e423cf5034cb83f0f93bf60d

  • SHA1

    45dc82d88029878d85a6a0b7ae6e9b22c451413e

  • SHA256

    651303526f9fe9debb74e3aa32e9863dba383e96601f57b15c222d752b9e15a7

  • SHA512

    1fe17376c1203cf2c4fa816162a67ac98e2985fab44e90a3edbf517abf2b52fa81fd0f96931a45dd75e1ebc179e332bacf5fd1f589b566a6983a7cda05466514

  • SSDEEP

    3072:jwF8Y+WvWoVGdac37I40DaHP3cD+Cis9XgsdFq:jwvvWaGd04PstB9XJdFq

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      9af15bac597933d319d212d65c13279fbcfcb0f5abda0eca3ad9ba0a78995362

    • Size

      168KB

    • MD5

      a83dd31c349a104206a8a7135fc3d116

    • SHA1

      a9c463414362c93ed2e9cfa4fe87abd9f2b38ab4

    • SHA256

      9af15bac597933d319d212d65c13279fbcfcb0f5abda0eca3ad9ba0a78995362

    • SHA512

      aa7e3b2f192d2ca792d7bb12d70b5559906baeb2e4dcfae0e29c58f58ada2dbce2e143b83c06b425d1800ba77fe89a4a8522dca2a27fb7f7d8b7f027972869b7

    • SSDEEP

      3072:EFtlRGF5u5tHzS5tI7vE0tKAAJ48x+JJluYVfBEqw:8UfytH0I7vE0tGhafO

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks