Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    299KB

  • Sample

    230207-bbg7ysgg47

  • MD5

    e39bcd53121afd8d6be9a9082ebac2a0

  • SHA1

    224ea99fc4ad05ad541338854ff33cdbec83d5f8

  • SHA256

    9b538f340f1f13fdd507dde8111d7f7680e356e8a0284b38d794933b087eb419

  • SHA512

    c495513054c33b2465dc3278db05d15e5a6cda99d55f42ac9418c42252062730172edc0e5f578f9179a3c8c8c511f3ebf18fac601db59a6c6f7af1560b371e51

  • SSDEEP

    3072:U7b6bwgNLCbSRmQMr39rTIVZ7jQr2VjB86SAUVMauhOrQuQjiMTE5i96Pha5hN:0zgNLCbhhL6VZP3VdXUVsh9uQj9T2aL

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      299KB

    • MD5

      e39bcd53121afd8d6be9a9082ebac2a0

    • SHA1

      224ea99fc4ad05ad541338854ff33cdbec83d5f8

    • SHA256

      9b538f340f1f13fdd507dde8111d7f7680e356e8a0284b38d794933b087eb419

    • SHA512

      c495513054c33b2465dc3278db05d15e5a6cda99d55f42ac9418c42252062730172edc0e5f578f9179a3c8c8c511f3ebf18fac601db59a6c6f7af1560b371e51

    • SSDEEP

      3072:U7b6bwgNLCbSRmQMr39rTIVZ7jQr2VjB86SAUVMauhOrQuQjiMTE5i96Pha5hN:0zgNLCbhhL6VZP3VdXUVsh9uQj9T2aL

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks