smokeloader | 40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624
Size

260KB
Sample

221205-pnhwxadg2s
MD5

e11b03824a6d4a244416f62b2fb14121
SHA1

044e409510f1e3cee3d78571adf02d7f63d89053
SHA256

40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624
SHA512

6a153db22699c287a6c9705203a72fa2a3aba742488cc1a044022030f73e81068a7aa3bc07e0eef83ff015bbeeaea9f921eddea49c5400d3783ea759af8caa7a
SSDEEP

3072:L+X9zbx5D1tE5ryJi5vC66VcvtXRpGBe9K5UXE8ShTDw02rw+t5UUOW2ZeXGMh0r:6fyRy8QsX/Gr56Ph02s+8UO9e2U

Score

10^/10

smokeloader systembc backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624.exe

Resource

win10-20220812-en

smokeloader systembc backdoor trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624
- Size
  
  260KB
- MD5
  
  e11b03824a6d4a244416f62b2fb14121
- SHA1
  
  044e409510f1e3cee3d78571adf02d7f63d89053
- SHA256
  
  40a67fc1c691f9c19fa926a1b79e069cfd8bd86ae5a9d8cea36bc4504856e624
- SHA512
  
  6a153db22699c287a6c9705203a72fa2a3aba742488cc1a044022030f73e81068a7aa3bc07e0eef83ff015bbeeaea9f921eddea49c5400d3783ea759af8caa7a
- SSDEEP
  
  3072:L+X9zbx5D1tE5ryJi5vC66VcvtXRpGBe9K5UXE8ShTDw02rw+t5UUOW2ZeXGMh0r:6fyRy8QsX/Gr56Ph02s+8UO9e2U
Score

10^/10

smokeloader systembc backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersystembcbackdoortrojan

© 2018-2024

Terms | Privacy