Overview

overview

10

Static

static

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    setup.exe

  • Size

    180KB

  • Sample

    230304-da1zsabg8x

  • MD5

    3baff49880d4a265002447861a7670a1

  • SHA1

    6b0d680b7adf84e17b74ba4f54e655cae0f2370e

  • SHA256

    2f7759c1049b9942d5b12bc6445be9fab02fb8abc7ef609c1d017782dda302e3

  • SHA512

    c1fe8d6531fd188cdb0b04378da6de23ffc5034120229b8670703fb1c2bd34f40f5eb40f4c340757b4ecc217b8c8cc94356ae23c45b866ee83d2a67b9a071036

  • SSDEEP

    3072:XFunGFxI34CJFLQBTxhXxVXJG5td3gud1uu7GvDWYcKsjAXPSQ:snEx24CJ2xhXPs5MSuu7gfPsj

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      setup.exe

    • Size

      180KB

    • MD5

      3baff49880d4a265002447861a7670a1

    • SHA1

      6b0d680b7adf84e17b74ba4f54e655cae0f2370e

    • SHA256

      2f7759c1049b9942d5b12bc6445be9fab02fb8abc7ef609c1d017782dda302e3

    • SHA512

      c1fe8d6531fd188cdb0b04378da6de23ffc5034120229b8670703fb1c2bd34f40f5eb40f4c340757b4ecc217b8c8cc94356ae23c45b866ee83d2a67b9a071036

    • SSDEEP

      3072:XFunGFxI34CJFLQBTxhXxVXJG5td3gud1uu7GvDWYcKsjAXPSQ:snEx24CJ2xhXPs5MSuu7gfPsj

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks