Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file

  • Size

    206KB

  • Sample

    230115-hxtw7sbe66

  • MD5

    6ae5b2730928ba7e072e671db052bae4

  • SHA1

    a8a671dcb06dcb8bebdd8f72e7d33f17622ae50e

  • SHA256

    c6b508e6d0bcbe444d7e09baa9d338c9c4b58db719e7a6fe1b3288a893cd6191

  • SHA512

    0abcb54ed0742d1f1e803df0444e0c78f6145eb26070c93f02b2ffaa57c5bce87bad66f733c5ceb8475909a49ae698726c34ad3bb782b661d477923478c36b30

  • SSDEEP

    3072:fXte3+olo+fFGr5uSONAPmOqyzzuvXBxFXAfxxCKVWapb:Pvolo+cPPRup26Qp

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file

    • Size

      206KB

    • MD5

      6ae5b2730928ba7e072e671db052bae4

    • SHA1

      a8a671dcb06dcb8bebdd8f72e7d33f17622ae50e

    • SHA256

      c6b508e6d0bcbe444d7e09baa9d338c9c4b58db719e7a6fe1b3288a893cd6191

    • SHA512

      0abcb54ed0742d1f1e803df0444e0c78f6145eb26070c93f02b2ffaa57c5bce87bad66f733c5ceb8475909a49ae698726c34ad3bb782b661d477923478c36b30

    • SSDEEP

      3072:fXte3+olo+fFGr5uSONAPmOqyzzuvXBxFXAfxxCKVWapb:Pvolo+cPPRup26Qp

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks