Overview

overview

10

Static

static

82d6684649...f7.exe

windows7-x64

10

82d6684649...f7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82d66846496169530cfda874545d5c55e3d1cb4ca36c38812f53912f3a47a1f7

  • Size

    175KB

  • Sample

    221206-ck8lyabd31

  • MD5

    63d7efc2158bcb1b016869afe7566bbe

  • SHA1

    cef9cf73d715cd0bce4c64737a1f892e39efdc9a

  • SHA256

    fe860dddb9f9039fcd86c96b6dcf74402bbee6939c77e72cf45b091483455d06

  • SHA512

    2dd0bed3adbf907dd5ae2bbd907320b25b2de55e16371956e60e042791eef7fffe222819a7bdb299a71c10cd9d95e5d3f4e6e541c2af563c7cf7b7cc39ff14ff

  • SSDEEP

    3072:rGb4lYkg5d0CBvGCBFO4S+vR3ITsXPiogDhGjaXd1lEYF7vC+zczzgHQVUqI9sxY:rGbVkuGGBFjX6LNGjaXGYlvC+zcLxOs2

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      82d66846496169530cfda874545d5c55e3d1cb4ca36c38812f53912f3a47a1f7

    • Size

      273KB

    • MD5

      cefb22ad1ee0a01897142ba73ba56cea

    • SHA1

      90c404bd3a2c4ba69417d62371f38caf2c329908

    • SHA256

      82d66846496169530cfda874545d5c55e3d1cb4ca36c38812f53912f3a47a1f7

    • SHA512

      62bde96852265f6cb1354ab857510a4c067adbb557706b4bc76da68f1b00796b687dc8f47de61914185063e6b7c50c276e7f7eb7e7ee1dc402e10fbb8a714245

    • SSDEEP

      3072:JbXVoCYSwsz9pLkKWR5jwSIMOKmacd1lEYF7vC8JIbViVRvJTcpZRqFYgV2qs64j:Jz1pLk0S/mrGYlvCCEVIDcRqZVS

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks