General

  • Target

    97ad0b0e2c85f67bb12190645641e5e497b675adc5df2760c33b86b8ec9d62f9

  • Size

    432KB

  • Sample

    221130-vvtvmsda4z

  • MD5

    4b88933533c0d82b4142d3d847d5da27

  • SHA1

    aa9a7bb55a289a94428e80313f4b4be8144c4e0f

  • SHA256

    97ad0b0e2c85f67bb12190645641e5e497b675adc5df2760c33b86b8ec9d62f9

  • SHA512

    63d4010f0fdea1dfedbd4cf762cb1b0c14a411c9ce52a5493cf7208bfcc2b28327de6fe0e0fbb7c2e708cede643c99deec8a1e6ba47db55293bded6cb55ca3ce

  • SSDEEP

    3072:ceZrrdOX+w2MmLyVOtjrAgKjExcSyXFxzxYXLT8K4xJDohY35T4H8bQRaYVYrUUG:ceZlOXnhYssZw/

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2018

  • C2

    https://wintoshop.ug/

    https://shoptowin.ru/

    https://shopandpop.su/

    https://shoptofree.ru/

    http://googletime.bit/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      97ad0b0e2c85f67bb12190645641e5e497b675adc5df2760c33b86b8ec9d62f9

    • Size

      432KB

    • MD5

      4b88933533c0d82b4142d3d847d5da27

    • SHA1

      aa9a7bb55a289a94428e80313f4b4be8144c4e0f

    • SHA256

      97ad0b0e2c85f67bb12190645641e5e497b675adc5df2760c33b86b8ec9d62f9

    • SHA512

      63d4010f0fdea1dfedbd4cf762cb1b0c14a411c9ce52a5493cf7208bfcc2b28327de6fe0e0fbb7c2e708cede643c99deec8a1e6ba47db55293bded6cb55ca3ce

    • SSDEEP

      3072:ceZrrdOX+w2MmLyVOtjrAgKjExcSyXFxzxYXLT8K4xJDohY35T4H8bQRaYVYrUUG:ceZlOXnhYssZw/

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks