Overview

overview

10

Static

static

1075953059...c2.exe

windows7-x64

10

1075953059...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1075953059b25a214f6984c7622d5f8190a4533ee2ea6a70181588fd857338c2

  • Size

    176KB

  • Sample

    221206-cccvasga82

  • MD5

    3a2ad41b4921e44df7b7454f7957d776

  • SHA1

    c1b3c76bca54e8097d7c0c8bf3d55d00c00aaa5a

  • SHA256

    805105437934cf8625e1a029ad01b94c664f7e556e384fcf03a976c260db65c2

  • SHA512

    d12841b0a518ab4db940799c14838d48c3609e84f6cb271c1fc4ef956703c575b26708d15eaee4d942385adf4cdc5b9a7d265a829841880811a1c307ebcb5eb3

  • SSDEEP

    3072:6fDmp/YvwpISBVcLPhujHMPyHBJnIaxGUhJW6TfpwMlM1jwdWcTTWljoMzG2OfBA:WDUAzS8ZuzmyPnIax3nIwdWCkjoM7Ofm

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      1075953059b25a214f6984c7622d5f8190a4533ee2ea6a70181588fd857338c2

    • Size

      274KB

    • MD5

      4e8b4953255f9a5a9ed962c037d7fa6c

    • SHA1

      a30f9a17c7e7ae97b4aecc597fffd6089e743cd1

    • SHA256

      1075953059b25a214f6984c7622d5f8190a4533ee2ea6a70181588fd857338c2

    • SHA512

      540ed00d0a57eeeb57705352a50b41b0f403f2ab21ac2ad4be684da0840a23b5c585970cf7894ac036dd1fc607650c8824d120af475298aaef51ad06222e5d14

    • SSDEEP

      3072:4JXVYKYkzKBgcotLZWR5lQm4QxGUhJW6TfpwMlMhY6OYiVRvJTcp7FGpZYgV2qsf:4tmotLjzQx3nIYLYIDcxAfVS

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks