Overview

overview

10

Static

static

cd822f0ecc...33.exe

windows7-x64

10

cd822f0ecc...33.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd822f0ecc677a30254723971b6dcef01267fce49b3f77f6b4449978506c2f33

  • Size

    104KB

  • Sample

    221129-2ar9msda74

  • MD5

    4861fb6ebc3c12360fc9c621b6be0c3e

  • SHA1

    f506c6754ca1111f06a5ace6a67284c7f6bd2d87

  • SHA256

    3a50433a989bb5f2fbf3c97dad40cc1298ffbb11cef2739d7f1b9417d5bdd4fc

  • SHA512

    43e3add9be01072732515f1569925795b1d308cc34d7741a493464f189a6ad3ed7b9833b255752b3a6ea5a59aaf6fee2e7eea37299875622acacdadc494821d3

  • SSDEEP

    3072:bBDROK1nV7oUqdh5CC6tpCxc4KhQYxZCll:W+nV70djJx0Kll

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      cd822f0ecc677a30254723971b6dcef01267fce49b3f77f6b4449978506c2f33

    • Size

      147KB

    • MD5

      5ec80c4e957656ceaca4466beb8fcf53

    • SHA1

      1b66ad0399e2e7399eec28aa3474689b23f1eacd

    • SHA256

      cd822f0ecc677a30254723971b6dcef01267fce49b3f77f6b4449978506c2f33

    • SHA512

      b6f9e489fc6365e03933809154548d75137f4fb3477e0f1052286d4b6b196eaa6269738625bd937c8095cbc8c70345c5c16124ae4f4ff1af298979cb4e6f0750

    • SSDEEP

      3072:5vBZ7ZWYv5RhPBJs6hgNU7vvNtvF6NCMiF:7BZWcccgN+v3vFj

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks