Overview

overview

10

Static

static

8d47adb5e1...0d.exe

windows7-x64

10

8d47adb5e1...0d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d47adb5e12d033ff937d27c67b625ca584535934d13dbc129b654df52f8e60d

  • Size

    176KB

  • Sample

    221206-cy7a2aha48

  • MD5

    0c04cb43fc2dadf9888f75937b871743

  • SHA1

    089e39d38259870d9465c6c72aed7be6a98ace9f

  • SHA256

    b07a6bafa517ed6b2b850a71abb4d3f502fd2251f0cfcc8c783859a4f5eef234

  • SHA512

    c0f3fcb2d6bfb2bf326e0c180c5a7e61484e0c86ad4c341119a6b3d47c78794886e5a9beb89884b6bf55e3e24fa90041ba96605ee84d6a04584c1bbe741b2354

  • SSDEEP

    3072:c9BIU5qC1rlXqVhYx6deKk0hmMlXhdGXvNYJThkoXO4uTLpbuNB92MQF76EIlRxL:czIi1pqVqx6YKkq5Xh6yRhkOkLsj9rQ2

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      8d47adb5e12d033ff937d27c67b625ca584535934d13dbc129b654df52f8e60d

    • Size

      274KB

    • MD5

      051b2c6ba4fae7c3e6b27adec1a993ab

    • SHA1

      db2c346d0711452595b89baea974a572f36075b4

    • SHA256

      8d47adb5e12d033ff937d27c67b625ca584535934d13dbc129b654df52f8e60d

    • SHA512

      bb4b6b84ae9af5e0b76391b03ab6c6698aef198a23316ac72eab49928c6cb0acdd93c4d3e8996a0e4ef06016f5bc2ca8a9a07ec2424c31eec1b11757cba3cd80

    • SSDEEP

      3072:81k2XVJqYwbid1Zh8FWn53AaPVCJThkoXO4uTXzgZaiVRvJTcpMi+GoaYgV2qs6f:81keFZh8+Aa9CRhkOkMZaIDc7+GoqVS

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks