Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    215KB

  • Sample

    221216-tgr88ahg8x

  • MD5

    d1cf3c8a3990acddc9de7443ebf35c90

  • SHA1

    ef0af0bed701b78ee4b94a3cd0895a759b3687d9

  • SHA256

    660484295e9e209725d9c96fc84d21a8dd880182f5d07e06805cf4a73a6cbe7d

  • SHA512

    6ab7f4460205421a78504f7ec9d4a70221d68be4ff4ee0701726bdd234f9c7ed00eace14effbf90b1c012ee4085a8c7e8f8740a6694f9e2945bbdb92166b8312

  • SSDEEP

    3072:qZaH24LUBio6SRvwNLqOCbUokAF9VM7dweJvBLsz3rOLQRyzT40zwUzQRKF+:UCL6iUAxokM92GehBgz3rOEy340M2b

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      215KB

    • MD5

      d1cf3c8a3990acddc9de7443ebf35c90

    • SHA1

      ef0af0bed701b78ee4b94a3cd0895a759b3687d9

    • SHA256

      660484295e9e209725d9c96fc84d21a8dd880182f5d07e06805cf4a73a6cbe7d

    • SHA512

      6ab7f4460205421a78504f7ec9d4a70221d68be4ff4ee0701726bdd234f9c7ed00eace14effbf90b1c012ee4085a8c7e8f8740a6694f9e2945bbdb92166b8312

    • SSDEEP

      3072:qZaH24LUBio6SRvwNLqOCbUokAF9VM7dweJvBLsz3rOLQRyzT40zwUzQRKF+:UCL6iUAxokM92GehBgz3rOEy340M2b

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks