General

  • Target

    file.exe

  • Size

    289KB

  • Sample

    221231-ezskdacd5z

  • MD5

    322291cc686e18b4dcc55fb4075d2848

  • SHA1

    aa86166bfae4dcb5ba771395bdb0dc1448187502

  • SHA256

    d4cce6ecdb476e5b1650a778d4701f7515315da0922a42de711b33123c408e56

  • SHA512

    8ea7f3a36fe8795b6d90c4cecc2dfdd0a78aa688a334a5d482a5e57ec628123f1ee4484c8ffcacc88e828b74e600f92133b63abb6dbcf5ef26f0998c350edbcd

  • SSDEEP

    6144:KEiOL7re/Iduya8+Vm0FhfkCV08UIkEq:KEHPre/IK8OsI9q

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6