Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    324KB

  • Sample

    230203-f5eq5sbc93

  • MD5

    1977e2e9d5ab18bb2fc05caf299e4ec3

  • SHA1

    f1302a2023bdab85f9df706b2115ca91f247e8b5

  • SHA256

    323d285f670c92118fa148f0511a13c2d3fb12806a3c50e050946590ebc19881

  • SHA512

    aa7154f12ce8bcd54ed2604659956259dabcfc3ab2e93f872fab655faa0175547ad6fb528cc068a7704318036102229afa95802cd22e180bac2ec3fc85b5f29c

  • SSDEEP

    6144:yqPPLjOLdBwcz8QnN+K9mblwKwpxsbRjV6ptCbNKN:yqPPfOQQ7sblesbl

Score
10/10
smokeloaderbackdoorpersistencetrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      324KB

    • MD5

      1977e2e9d5ab18bb2fc05caf299e4ec3

    • SHA1

      f1302a2023bdab85f9df706b2115ca91f247e8b5

    • SHA256

      323d285f670c92118fa148f0511a13c2d3fb12806a3c50e050946590ebc19881

    • SHA512

      aa7154f12ce8bcd54ed2604659956259dabcfc3ab2e93f872fab655faa0175547ad6fb528cc068a7704318036102229afa95802cd22e180bac2ec3fc85b5f29c

    • SSDEEP

      6144:yqPPLjOLdBwcz8QnN+K9mblwKwpxsbRjV6ptCbNKN:yqPPfOQQ7sblesbl

    Score
    10/10
    smokeloaderbackdoortrojanpersistence

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks