smokeloader | 425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac | Triage

Submit
Reports

Overview

overview

Static

static

425617d0cb...ac.exe

windows7-x64

425617d0cb...ac.exe

windows10-2004-x64

Sharing

General

Target

425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac.exe
Size

200KB
Sample

221205-m45phach24
MD5

241104b8eb8b3a657eb76a733be2014f
SHA1

25274ee7cae23f038541bc1948bc58322a6fe433
SHA256

425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac
SHA512

59be1f76ebf46e180c3b2ca34546c131c31e5836cb08c15fd40b8b40785a02dfca03cdf5ad8b27abf602822ffbe952e158b052baedb9ab7c059cd17f22a9ade4
SSDEEP

3072:2jaJX1he96vwi5u5nITlai3JeYl1uW4TmqhTDw02rwpqLRc:w6vq5n2EzG1uW4i02spq

Score

10^/10

smokeloader systembc backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac.exe

Resource

win10v2004-20220812-en

smokeloader systembc backdoor trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac.exe
- Size
  
  200KB
- MD5
  
  241104b8eb8b3a657eb76a733be2014f
- SHA1
  
  25274ee7cae23f038541bc1948bc58322a6fe433
- SHA256
  
  425617d0cbfb5ddb2285437fa6147cf3cfe024efdc4cf7ea56c2f61350ca70ac
- SHA512
  
  59be1f76ebf46e180c3b2ca34546c131c31e5836cb08c15fd40b8b40785a02dfca03cdf5ad8b27abf602822ffbe952e158b052baedb9ab7c059cd17f22a9ade4
- SSDEEP
  
  3072:2jaJX1he96vwi5u5nITlai3JeYl1uW4TmqhTDw02rwpqLRc:w6vq5n2EzG1uW4i02spq
Score

10^/10

smokeloader backdoor trojan systembc
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloadersystembcbackdoortrojan

© 2018-2024

Terms | Privacy