Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file

  • Size

    216KB

  • Sample

    221219-arxrxaea23

  • MD5

    0c66f0c080c7b2cd027d7f58c21b2938

  • SHA1

    bea0df9b350178f0fa94290aca676c408201d5ce

  • SHA256

    594694bb8c5746a8822ca5cabf8479398aa952bafd21ad03cc0ebe28e9e71217

  • SHA512

    e98343745e4c54f239d1c71034ade75d16c5619eef13554fadffbebb23575616143ead80dfa2dbecb586e231ac842847b44bf1c4d94fd89b46bad76c8e9b32f6

  • SSDEEP

    3072:8HRzLXVxaRdTLYOTOylluIkATLkdm5mNRAtOba+AzjcbImdzmuX:8xzLXVKYOTTbXTLkUE0JjcbXF

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file

    • Size

      216KB

    • MD5

      0c66f0c080c7b2cd027d7f58c21b2938

    • SHA1

      bea0df9b350178f0fa94290aca676c408201d5ce

    • SHA256

      594694bb8c5746a8822ca5cabf8479398aa952bafd21ad03cc0ebe28e9e71217

    • SHA512

      e98343745e4c54f239d1c71034ade75d16c5619eef13554fadffbebb23575616143ead80dfa2dbecb586e231ac842847b44bf1c4d94fd89b46bad76c8e9b32f6

    • SSDEEP

      3072:8HRzLXVxaRdTLYOTOylluIkATLkdm5mNRAtOba+AzjcbImdzmuX:8xzLXVKYOTTbXTLkUE0JjcbXF

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks