smokeloader | 90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

284KB
Sample

230203-jm4t4acg69
MD5

a446d1372a365a1d59bf68fbdb8f5af6
SHA1

b832411ea49bc2e87b1a950acf716d4c65f34075
SHA256

90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57
SHA512

32de47c199311f2e9ea380feafdeb45bdf9868fb428aa83e0add048e26cadd3ce22406dfd1f8cab9ee971df5744aae06e1e09cbd001e5e9178560b4736a63476
SSDEEP

3072:sHqXjNetbVnFLYM+VnWRaR5CxaiUIozR9FsGY67ACAZMlw:sHqUFLYM+VnkaOxaiU19e+UCAZOw

Score

10^/10

smokeloader systembc backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

smokeloader systembc backdoor persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

144.76.223.74:443

Targets

- Target
  
  file.exe
- Size
  
  284KB
- MD5
  
  a446d1372a365a1d59bf68fbdb8f5af6
- SHA1
  
  b832411ea49bc2e87b1a950acf716d4c65f34075
- SHA256
  
  90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57
- SHA512
  
  32de47c199311f2e9ea380feafdeb45bdf9868fb428aa83e0add048e26cadd3ce22406dfd1f8cab9ee971df5744aae06e1e09cbd001e5e9178560b4736a63476
- SSDEEP
  
  3072:sHqXjNetbVnFLYM+VnWRaR5CxaiUIozR9FsGY67ACAZMlw:sHqUFLYM+VnkaOxaiU19e+UCAZOw
Score

10^/10

smokeloader backdoor trojan systembc persistence
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloadersystembcbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy