General

  • Target

    file.exe

  • Size

    240KB

  • Sample

    230101-cxevdsba99

  • MD5

    9c71f3bb921873c50541bd82f45abcb9

  • SHA1

    d9829e11d5b564fed7de6bd1bc9b56ec99b507d5

  • SHA256

    3c83b3496cb64dc1959e11c462c8dea200d1e5cf44919c4d0310d6772fb6c5ef

  • SHA512

    76a6e4b85058d3ecb5e2cc9b796f915f93a4a02eeb65ea79bad9b8203642bbbd3686b8b158ed89a3627d30d0a48e3febacd55635ded91fc3f2fa13091095095c

  • SSDEEP

    3072:7XcrVgLp+YNWZA5FLy7HZ9GuONfo0fuwpmqsQ7v27hZY:T/L7WZ6LyDGJfo0ftE3uaZY
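The hash set above is what a responder actually searches for on disk or in a file repository. The following script is an added example (not part of the sandbox report or of any vendor tooling): it computes the four cryptographic digests in a single streamed pass and compares them with the report's values, distinguishing a full match from a partial one. A partial match (for example MD5 agreeing while SHA256 does not) should never happen for the same bytes and points to a transcription error in the indicator. SSDEEP is left out on purpose because it needs the external `ssdeep` tool or binding rather than the standard library.

```python
"""Verify a file against the hashes published in the sandbox report.

Added example: uses only the Python standard library. The IOC values are
copied from the report; everything else (function names, the sample bytes
used in the test) is constructed for illustration.
"""
import hashlib
import io
from pathlib import Path

# Digests listed in the report for file.exe (sample 230101-cxevdsba99).
REPORT_IOCS = {
    "md5": "9c71f3bb921873c50541bd82f45abcb9",
    "sha1": "d9829e11d5b564fed7de6bd1bc9b56ec99b507d5",
    "sha256": "3c83b3496cb64dc1959e11c462c8dea200d1e5cf44919c4d0310d6772fb6c5ef",
    "sha512": (
        "76a6e4b85058d3ecb5e2cc9b796f915f93a4a02eeb65ea79bad9b8203642bbbd"
        "3686b8b158ed89a3627d30d0a48e3febacd55635ded91fc3f2fa13091095095c"
    ),
}


def multihash(stream, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a binary stream in one pass.

    Reading the file once and feeding every hasher from the same chunk keeps
    I/O linear even for large samples.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while chunk := stream.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data."""
    return multihash(io.BytesIO(data))


def hash_file(path) -> dict:
    with open(path, "rb") as fh:
        return multihash(fh)


def compare(digests: dict, iocs: dict = REPORT_IOCS):
    """Return (matched, mismatched) algorithm names, case-insensitively."""
    matched = {
        algo for algo, value in iocs.items()
        if digests.get(algo, "").lower() == value.lower()
    }
    return matched, set(iocs) - matched


def verdict(digests: dict, iocs: dict = REPORT_IOCS) -> str:
    """'match' if every algorithm agrees, 'partial' if only some do
    (a bad indicator), otherwise 'no-match'."""
    matched, missed = compare(digests, iocs)
    if not missed:
        return "match"
    if matched:
        return "partial"
    return "no-match"


def scan_directory(root) -> dict:
    """Hash every regular file under root and return {path: verdict} for
    anything that is at least a partial match against the report."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            v = verdict(hash_file(path))
            if v != "no-match":
                results[str(path)] = v
    return results


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, verdict(hash_file(target)))
```

Run it as `python check_hashes.py suspicious.exe`, or call `scan_directory()` over a quarantine share; a "partial" result is worth reporting back to whoever published the indicator rather than treating as a hit.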

Malware Config

Targets

    • Target

      file.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), most likely a geofence so the payload only runs in, or stays away from, particular countries.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from reporting debug events to an attached debugger; a common anti-analysis trick.

    • Suspicious use of SetThreadContext

      Overwrites the register state, including the instruction pointer, of a thread; with the downloaded/dropped PE above this is the usual pattern for redirecting a suspended thread into injected code (process hollowing).
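The behavioural signatures above are rules evaluated over the sample's API and network trace. As an added example (not the sandbox's own rule engine or its trace format), the following Python reproduces each of the five behavioural signatures listed for this target as a small rule over a constructed key=value trace. The trace lines, the `net=http` convention, the process IDs and the download URL are all invented for illustration; the THREADINFOCLASS value 0x11 and the Geo\Nation registry location are real.

```python
"""Match the report's behavioural signatures against an API/network trace.

Added example with a constructed trace; the key=value line format is a
hypothetical one chosen for readability, not real sandbox output.
"""
import re
from collections import defaultdict

# THREADINFOCLASS ThreadHideFromDebugger: once set, the thread no longer
# delivers debug events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# GetUserGeoID reads the configured country from this key (Nation value).
GEO_KEY = r"control panel\international\geo"

# Constructed trace for the sample (pid 1234). The URL is a placeholder.
CONSTRUCTED_TRACE = r"""
net=http url="http://example.invalid/load.bin" status=200 body_head=4d5a9000
pid=1234 api=RegQueryValueExW hkey=HKCU path="Control Panel\International\Geo" value=Nation
pid=1234 api=NtSetInformationThread thread=0xfffffffe class=0x11 buffer=0x0 length=0
pid=1234 api=NtWriteFile path="C:\Users\Public\drop.exe" head=4d5a9000
pid=1234 api=CreateProcessW image="C:\Users\Public\drop.exe" flags=0x4 new_pid=5678
pid=1234 api=NtWriteVirtualMemory target_pid=5678 size=0x3c000
pid=1234 api=SetThreadContext target_pid=1234 thread=0x8
pid=1234 api=SetThreadContext target_pid=5678 thread=0x1c4
pid=1234 api=NtResumeThread target_pid=5678 thread=0x1c4
"""

TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> dict:
    """One key=value line to a dict; quoted values may contain spaces."""
    return {k: (q if q else u) for k, q, u in TOKEN.findall(line)}


def parse_trace(text: str) -> list:
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def match_signatures(events: list) -> dict:
    """Return {signature name: index of the first triggering event}."""
    hits = {}
    dropped = defaultdict(set)  # pid -> lower-cased paths it has written

    def hit(name, idx):
        hits.setdefault(name, idx)

    for idx, ev in enumerate(events):
        api = ev.get("api", "")
        pid = ev.get("pid")

        # An HTTP response body starting with the MZ magic (4d 5a).
        if ev.get("net") == "http" and ev.get("body_head", "").lower().startswith("4d5a"):
            hit("Downloads MZ/PE file", idx)

        elif (api == "RegQueryValueExW"
              and GEO_KEY in ev.get("path", "").lower()
              and ev.get("value", "").lower() == "nation"):
            hit("Checks computer location settings", idx)

        elif (api == "NtSetInformationThread"
              and int(ev.get("class", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", idx)

        elif api == "NtWriteFile":
            dropped[pid].add(ev.get("path", "").lower())

        # Launching a file this process wrote earlier.
        elif api == "CreateProcessW" and ev.get("image", "").lower() in dropped[pid]:
            hit("Executes dropped EXE", idx)

        # Setting the context of a thread in another process is the
        # hollowing/injection pattern; touching one's own thread is benign.
        elif api == "SetThreadContext" and ev.get("target_pid") not in (None, pid):
            hit("Suspicious use of SetThreadContext", idx)

    return hits


if __name__ == "__main__":
    for name, idx in sorted(match_signatures(parse_trace(CONSTRUCTED_TRACE)).items()):
        print(f"{idx:3d}  {name}")
```

The rules are deliberately stateful where the report's wording requires it: "Executes dropped EXE" only fires for an image the same process wrote earlier, and SetThreadContext is only flagged when it targets a different process, so a legitimate call on the process's own thread does not trip it.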

MITRE ATT&CK Enterprise v6