Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    210KB

  • Sample

    230105-kq1ghsbd86

  • MD5

    c73b686fe78f524c7343f2548d2371ee

  • SHA1

    980ef6756ac9848f650601516643bde52389a1fa

  • SHA256

    eb63815fe857388258f8fc6424fd41945f213b060fbb821329f03660bfd65d21

  • SHA512

    b2a8240957c3817fb25a2f3147881d17a4e683c67329ea8b220048419306f3f36951048db8cc9a089186586cff6d07bd741ad444150e002827aee81964f7c1b3

  • SSDEEP

    6144:0rLnJlhA9s4YSC08G4UpfpW2GHWS2L3G:0rbJrA68BzpfpR5

Score
10/10
smokeloaderbackdoorspywarestealertrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      210KB

    • MD5

      c73b686fe78f524c7343f2548d2371ee

    • SHA1

      980ef6756ac9848f650601516643bde52389a1fa

    • SHA256

      eb63815fe857388258f8fc6424fd41945f213b060fbb821329f03660bfd65d21

    • SHA512

      b2a8240957c3817fb25a2f3147881d17a4e683c67329ea8b220048419306f3f36951048db8cc9a089186586cff6d07bd741ad444150e002827aee81964f7c1b3

    • SSDEEP

      6144:0rLnJlhA9s4YSC08G4UpfpW2GHWS2L3G:0rbJrA68BzpfpR5

    Score
    10/10
    smokeloaderbackdoortrojanspywarestealer

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks