Overview

overview

10

Static

static

dec9dbbad7...62.exe

windows7-x64

10

dec9dbbad7...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dec9dbbad7bdeace3de1eb16e540297efe3c9fa04441683a1ece2fe21832ba62

  • Size

    105KB

  • Sample

    221129-y1qlyscd52

  • MD5

    e92d7a151c4760f3a95e348688337214

  • SHA1

    203be1a7ffa5cc0832641211622b575ba92d9b3e

  • SHA256

    112b8691f2fd88bf5ea8f7701da380453b5402b9a059d665494a873f47a0fdd6

  • SHA512

    dfb56a7d70b9cc6bcfe2b9fffe70c14e268cb70d1ee64acaa240e00b5768b9eb52aa9a5c28c4b50ca295e1bdb94b89bf5fc449b01c4f37139d75e051a197f0e3

  • SSDEEP

    1536:h6wi0K0m5InTVQbarKl865f4bBYL8x93wZqMdFGOWu8zqIGd2eBUxfJvukI/A:h6wiymAT2bHlZNpZ/vSR4dDBs5ZI/A

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      dec9dbbad7bdeace3de1eb16e540297efe3c9fa04441683a1ece2fe21832ba62

    • Size

      147KB

    • MD5

      c0100e684edfb5b0ad76f22fea308474

    • SHA1

      86e48aac586dbfc944a1a2b846c43a5610735d57

    • SHA256

      dec9dbbad7bdeace3de1eb16e540297efe3c9fa04441683a1ece2fe21832ba62

    • SHA512

      556e43185cc2acdb24709f7f78637672d715f52474d908c1ace8db8a60ac8c3af976b1ab6064b25cc63b663ce84de4935bfac5d2318ed4101e51c79e889d93ce

    • SSDEEP

      3072:H/n0yZIpn5Rsuy/323PMloLfh9kzz2j/e:/xZIZR3kEhOzzp

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks