General

  • Target

    file.exe

  • Size

    240KB

  • Sample

    230101-117lkscg84

  • MD5

    3ae8f361f9afbb4244cff704e6066bc4

  • SHA1

    8bfb9bd78b1f406b272181e39d15a52966c21a37

  • SHA256

    218096bae76e7aa27961fccb0d70e0bfc4b64f5ec40bd1b473d47751da9dc62a

  • SHA512

    845dda82aad853c8ce8d864c946676f0868f85af91f4aa9585896c878a04a6cc70f902befa66d2ac40d8ae7f3abb720ccd507c187d96c69f55afc6326fb23ae3

  • SSDEEP

    3072:jXcG/GLcNsuKde5uS6fSmx8HLRgHJLwxw63B4QBWkx8YA5M2nvQGW7iSWO:bOLrdzSJmcKJkuIB4QodV4b7i

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
