Overview

overview

10

Static

static

10

finalpayload.exe

windows7-x64

10

finalpayload.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    finalpayload.exe

  • Size

    29KB

  • Sample

    230328-hv1xqsbc6y

  • MD5

    41fa93a7ec3bd87da29f982e139a0c0f

  • SHA1

    c3919d866cbc2f31efadce588789ca094276468a

  • SHA256

    276295eb22a7da1c649a9320612b613fe7201f4ff54fec6e5436b28c9221bda7

  • SHA512

    5bb7be05caa77868bcf7f6cce56bc210d45c7220039ad9e8222f25d67fffd6b0604f1f0673463c563dbf5911a2a37fd51b3b4985d5da86dd0b45e58e13bbc2bb

  • SSDEEP

    768:uiei6JKbKxBRMlO9uUx6/GRaPN1N//U4ebJb82z:u+YKb2BeIzx6OY1N/gbTz

Score
10/10
smokeloaderbackdoorcollectiontrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cdn1.wf/

http://cdn2.wf/

http://cdn3.wf/

http://194.180.48.53/
rc4.i32
rc4.i32

Targets

    • Target

      finalpayload.exe

    • Size

      29KB

    • MD5

      41fa93a7ec3bd87da29f982e139a0c0f

    • SHA1

      c3919d866cbc2f31efadce588789ca094276468a

    • SHA256

      276295eb22a7da1c649a9320612b613fe7201f4ff54fec6e5436b28c9221bda7

    • SHA512

      5bb7be05caa77868bcf7f6cce56bc210d45c7220039ad9e8222f25d67fffd6b0604f1f0673463c563dbf5911a2a37fd51b3b4985d5da86dd0b45e58e13bbc2bb

    • SSDEEP

      768:uiei6JKbKxBRMlO9uUx6/GRaPN1N//U4ebJb82z:u+YKb2BeIzx6OY1N/gbTz

    Score
    10/10
    smokeloaderbackdoortrojancollection

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks