Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    231KB

  • Sample

    221225-rf4jrabf28

  • MD5

    58d30432c0fdf70860dea2caa7fccdd0

  • SHA1

    fc853b8f999e88774644bc1a927c44d4f984fba4

  • SHA256

    e99c244d18109241d4d06fd116eb651b1fb9eb06208eace3326cdf8d64098815

  • SHA512

    90ccc468fb023206e526948ca327ae856f1032972724f9cb992f2bdd209dab85d63784eb9996d7732ee865f74beaa41a5b69ef16a87d37f71d9b7929b06d1794

  • SSDEEP

    3072:OXAFZLTFo5aLGhQG+BEH6hGcBBTxmdZftJ/41whPhhw7RkxmJZs:OkZLJ9LUfah7+ZVJ/41irGymI

Score
10/10
smokeloaderbackdoorpersistencetrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      231KB

    • MD5

      58d30432c0fdf70860dea2caa7fccdd0

    • SHA1

      fc853b8f999e88774644bc1a927c44d4f984fba4

    • SHA256

      e99c244d18109241d4d06fd116eb651b1fb9eb06208eace3326cdf8d64098815

    • SHA512

      90ccc468fb023206e526948ca327ae856f1032972724f9cb992f2bdd209dab85d63784eb9996d7732ee865f74beaa41a5b69ef16a87d37f71d9b7929b06d1794

    • SSDEEP

      3072:OXAFZLTFo5aLGhQG+BEH6hGcBBTxmdZftJ/41whPhhw7RkxmJZs:OkZLJ9LUfah7+ZVJ/41irGymI

    Score
    10/10
    smokeloaderbackdoortrojanpersistence

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks