Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    220KB

  • Sample

    221221-edb1haef7y

  • MD5

    4ffd0c3e0a2c9693ffc3a4c2cb6b0465

  • SHA1

    89c65ab1e8fb5d502eacea94f7340779b28008e7

  • SHA256

    03885f92a02d31066faa4838a677d3c5993795fafed20c7df0360e9559db4f6b

  • SHA512

    0330db6dbf5b3b45ebf8219ddbb41b08009514d91e4fbdc3e629c4c2e82cb31a7c5b65548465ec237da5cea7977ba94186108ff0d5d84e430ec72eeaaf21858d

  • SSDEEP

    3072:79LVLUN115RHuBe8fpZf+0oX+Qas+6DkGV7b/Oxi1NHCDml:x5LUNLHuB9fpY0zDmIOWUCa

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      220KB

    • MD5

      4ffd0c3e0a2c9693ffc3a4c2cb6b0465

    • SHA1

      89c65ab1e8fb5d502eacea94f7340779b28008e7

    • SHA256

      03885f92a02d31066faa4838a677d3c5993795fafed20c7df0360e9559db4f6b

    • SHA512

      0330db6dbf5b3b45ebf8219ddbb41b08009514d91e4fbdc3e629c4c2e82cb31a7c5b65548465ec237da5cea7977ba94186108ff0d5d84e430ec72eeaaf21858d

    • SSDEEP

      3072:79LVLUN115RHuBe8fpZf+0oX+Qas+6DkGV7b/Oxi1NHCDml:x5LUNLHuB9fpY0zDmIOWUCa

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks