Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    181KB

  • Sample

    230212-2wnhkshb89

  • MD5

    ee43ae66c0666b5f7e0862236df32dd9

  • SHA1

    0da18a6f099a9469f785a55732a7070ddb4b27a3

  • SHA256

    51a393228bbbdf7bf30e6621c4480718d516216ec9c0e15c302c11073c0d3d6a

  • SHA512

    84e6fa6b1f9c73a60bdbe9677a3a955d604a1a637d7bd68f02a47037fe2f571b30c7f13cd6690b740793b119f072a4644c3123d348da5e8a18105c7a260f5ec8

  • SSDEEP

    3072:baEZBTz5HZd2DwxrX7DJMnFJ65DfGNlcxCzW3gSE:vXNgwRZMnFJMDfGNlcxk7

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      181KB

    • MD5

      ee43ae66c0666b5f7e0862236df32dd9

    • SHA1

      0da18a6f099a9469f785a55732a7070ddb4b27a3

    • SHA256

      51a393228bbbdf7bf30e6621c4480718d516216ec9c0e15c302c11073c0d3d6a

    • SHA512

      84e6fa6b1f9c73a60bdbe9677a3a955d604a1a637d7bd68f02a47037fe2f571b30c7f13cd6690b740793b119f072a4644c3123d348da5e8a18105c7a260f5ec8

    • SSDEEP

      3072:baEZBTz5HZd2DwxrX7DJMnFJ65DfGNlcxCzW3gSE:vXNgwRZMnFJMDfGNlcxk7

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks