Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    321KB

  • Sample

    230206-ttnfsseg92

  • MD5

    8eabcd1564c644305dfdc32015931b78

  • SHA1

    aafc5659b67a58bfeb5397923b47882995adf589

  • SHA256

    ce7f1fd3bcfdfe96b582d45f3d0451f93bae19d09d2511e6c28b8657ca7b6368

  • SHA512

    7a24587192b9353f90ab77637108df9c8df902da7682e3ad0a428f4c7a7a545c339d4af0b70b176903ca416de3594e035c91924f7d599951c3407a49b50b3d5d

  • SSDEEP

    6144:5D1LVPr0YdhPEJa7j31jJEoRuQj90CaM5:5Z5PLXZJEoRlj+CD

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      321KB

    • MD5

      8eabcd1564c644305dfdc32015931b78

    • SHA1

      aafc5659b67a58bfeb5397923b47882995adf589

    • SHA256

      ce7f1fd3bcfdfe96b582d45f3d0451f93bae19d09d2511e6c28b8657ca7b6368

    • SHA512

      7a24587192b9353f90ab77637108df9c8df902da7682e3ad0a428f4c7a7a545c339d4af0b70b176903ca416de3594e035c91924f7d599951c3407a49b50b3d5d

    • SSDEEP

      6144:5D1LVPr0YdhPEJa7j31jJEoRuQj90CaM5:5Z5PLXZJEoRlj+CD

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks