smokeloader | 257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a | Triage

Submit
Reports

Overview

overview

Static

static

257bd4c54e...1a.exe

windows7-x64

257bd4c54e...1a.exe

windows10-2004-x64

Sharing

General

Target

257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a.exe
Size

328KB
Sample

221212-tczshabg52
MD5

3d5327a1d32b49f7c95fb942f007867c
SHA1

5aab2c4e490cea4d7e147cad9e22fcbd05706f01
SHA256

257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a
SHA512

5f379784a9d491582103a10dbc90b8c3369b636f6515befc1fc26522a0440b0da142e7e229034332745a82aa5768ae5344bdba5bb2b143f7cdb7d94a83586675
SSDEEP

6144:GyOxz/rLsgWZUlw+aitjS1dDr1mcvnpSYBiaN0eU0ZrrMC7C:GJZIgWZZ+aitjSvDEwprBvN7RQEC

Score

10^/10

smokeloader systembc backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a.exe

Resource

win10v2004-20221111-en

smokeloader systembc backdoor trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a.exe
- Size
  
  328KB
- MD5
  
  3d5327a1d32b49f7c95fb942f007867c
- SHA1
  
  5aab2c4e490cea4d7e147cad9e22fcbd05706f01
- SHA256
  
  257bd4c54e39234e1d93a0667f769881ed774f5f9cd5764488fd44c1f1c4ba1a
- SHA512
  
  5f379784a9d491582103a10dbc90b8c3369b636f6515befc1fc26522a0440b0da142e7e229034332745a82aa5768ae5344bdba5bb2b143f7cdb7d94a83586675
- SSDEEP
  
  6144:GyOxz/rLsgWZUlw+aitjS1dDr1mcvnpSYBiaN0eU0ZrrMC7C:GJZIgWZZ+aitjSvDEwprBvN7RQEC
Score

10^/10

smokeloader backdoor trojan systembc
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloadersystembcbackdoortrojan

© 2018-2024

Terms | Privacy