Overview

overview

10

Static

static

2e3f542748...2a.exe

windows7-x64

10

2e3f542748...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e3f5427485363a102dae8089e3efeb0540dc86031d8ce11bd8bb528d2cbc52a

  • Size

    106KB

  • Sample

    221130-bt2pbafa48

  • MD5

    d0d5a10b00b79fde4d487d28d40d09ad

  • SHA1

    3e390da85904dcf0ce9449c6f7dbd5989dfe73a4

  • SHA256

    0a1fc7affec22d49d32f61adb99c2b8d3cce5019931ec4dca02e1481564f2cfd

  • SHA512

    90279ed55dcb7390def4ced1d8ca0af8b9abe6f642e35a75a5f9a8ab9b24eb3b150e1bb251b8a678e6890938d3c6b5b63aefc99715cd466e80dbf84cc7dfcabf

  • SSDEEP

    3072:n42QuRz5GmPXFBLjWsHhk1XHBV7AWshXPgX22n1g:4J65Vtssyv7AD822K

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      2e3f5427485363a102dae8089e3efeb0540dc86031d8ce11bd8bb528d2cbc52a

    • Size

      149KB

    • MD5

      d0d314421015e3e8c05a56d5666acc7f

    • SHA1

      60c6d8de7248da15ee1132cdacba33866723e77d

    • SHA256

      2e3f5427485363a102dae8089e3efeb0540dc86031d8ce11bd8bb528d2cbc52a

    • SHA512

      e6e8a9536e591adac58ba7933bb6d272f920f6bda8f81d716c20020a01f38d4de24806a566f5c019669787bc7fc6ed22e6d150185bd83f97d4d53ea479cd7565

    • SSDEEP

      1536:gBmT+/xm9B0ldc7FbjRn2EPo0an5zIk/HoGgtNd1TU5HWmVkotyUy9Zqaeq1AmQe:gBmTSbI0ian5zJ3Mlur0Dj1Am5DzDL

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks