smokeloader | ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2
Size

239KB
Sample

221212-tw7x8abg87
MD5

a7dda8e68c3cf6c3947e5feaa77730ad
SHA1

32d21754d7dbe4f52541970c9ff865c2ac86c28b
SHA256

ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2
SHA512

babdafa8b435eab8cae3080946ed4cf78fcd9ab053876c52d8ece0341014515bb28948192ca6ef895d18867e750fb8d6b94a2bc52330d3739b44e98822427c6e
SSDEEP

3072:shtytGLK68v4iy50r53eAwKMOYD24oSCJiY9UiJuV/GohdBcf0Evier7RbR8pgX:s9Lw4iy5yKH99xY9Uiq/Goyftx7cpgX

Score

10^/10

smokeloader systembc backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2.exe

Resource

win10v2004-20220812-en

smokeloader systembc backdoor trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2
- Size
  
  239KB
- MD5
  
  a7dda8e68c3cf6c3947e5feaa77730ad
- SHA1
  
  32d21754d7dbe4f52541970c9ff865c2ac86c28b
- SHA256
  
  ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2
- SHA512
  
  babdafa8b435eab8cae3080946ed4cf78fcd9ab053876c52d8ece0341014515bb28948192ca6ef895d18867e750fb8d6b94a2bc52330d3739b44e98822427c6e
- SSDEEP
  
  3072:shtytGLK68v4iy50r53eAwKMOYD24oSCJiY9UiJuV/GohdBcf0Evier7RbR8pgX:s9Lw4iy5yKH99xY9Uiq/Goyftx7cpgX
Score

10^/10

smokeloader systembc backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersystembcbackdoortrojan

© 2018-2024

Terms | Privacy