Overview

overview

10

Static

static

1

a8092c9154...00.exe

windows7-x64

10

a8092c9154...00.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a8092c9154d78434533d5b5e6bc10100.exe

  • Size

    183KB

  • Sample

    230214-t7n99aeb5w

  • MD5

    a8092c9154d78434533d5b5e6bc10100

  • SHA1

    d7d60ddbce4379bf2d81e25f36ddc3c1cfe1040a

  • SHA256

    8c5716696984dedf4f11e3c3aae1b86e94aec2594587a168a14d3d7032170135

  • SHA512

    00fe082e2a6b22a7a7d74580b5c6e716882597a2e9b28e9a5b2f901c99736a950975285147a68d2774949ababee0f297819a98bee997ec92b2bbbccfdab6ff96

  • SSDEEP

    3072:/omQ0u5DnN/PTx9TL8/IYF2RCc6geWkYdIAXnHKBPouE88l6+f:/VQvN/PTx18/Ik2AcTePYuQnIQuil6

Score
10/10
smokeloaderbackdoorspywaretrojan

Malware Config

Targets

    • Target

      a8092c9154d78434533d5b5e6bc10100.exe

    • Size

      183KB

    • MD5

      a8092c9154d78434533d5b5e6bc10100

    • SHA1

      d7d60ddbce4379bf2d81e25f36ddc3c1cfe1040a

    • SHA256

      8c5716696984dedf4f11e3c3aae1b86e94aec2594587a168a14d3d7032170135

    • SHA512

      00fe082e2a6b22a7a7d74580b5c6e716882597a2e9b28e9a5b2f901c99736a950975285147a68d2774949ababee0f297819a98bee997ec92b2bbbccfdab6ff96

    • SSDEEP

      3072:/omQ0u5DnN/PTx9TL8/IYF2RCc6geWkYdIAXnHKBPouE88l6+f:/VQvN/PTx18/Ik2AcTePYuQnIQuil6

    Score
    10/10
    smokeloaderbackdoortrojanspyware

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks