Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    320KB

  • Sample

    221206-gde39shf49

  • MD5

    6b965fe88e20b634892675ebd0dfac27

  • SHA1

    88e2890cb3545d6d28b518b6bf0fff3148ae11aa

  • SHA256

    3549d76fa5cba791831358a7a034dd7b1dde1d30c654ab2d45a824dfd8cefc08

  • SHA512

    c46dcf9453f40cf8b41e3099ce6c62c0ba5db15269b97bf4af909f2ff7cf4ceb618779c5aca8e5de9e601893fc48f39786b45f84c6f0eb1fef77541f355b214b

  • SSDEEP

    6144:QjNBy+/L21T8xe6ySlk/WOL7CCB/UvZhbmHyMkE6VWF:Qjzyka1T8xpgLGCGRhbmXF6VWF

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      320KB

    • MD5

      6b965fe88e20b634892675ebd0dfac27

    • SHA1

      88e2890cb3545d6d28b518b6bf0fff3148ae11aa

    • SHA256

      3549d76fa5cba791831358a7a034dd7b1dde1d30c654ab2d45a824dfd8cefc08

    • SHA512

      c46dcf9453f40cf8b41e3099ce6c62c0ba5db15269b97bf4af909f2ff7cf4ceb618779c5aca8e5de9e601893fc48f39786b45f84c6f0eb1fef77541f355b214b

    • SSDEEP

      6144:QjNBy+/L21T8xe6ySlk/WOL7CCB/UvZhbmHyMkE6VWF:Qjzyka1T8xpgLGCGRhbmXF6VWF

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks