General

  • Target

    aa716a47e1edf2eba2fa4039ab307da0.bin

  • Size

    164KB

  • Sample

    230329-b1yk8sga2x

  • MD5

    db6847c1a25d6bb6905e61d844a65007

  • SHA1

    8dd8a657a05497918a02f615b3e4874bc553f2e2

  • SHA256

    7d42da4dc440257a0dff88d1b878560da4b311258edeb6dfecdc9cee41c823ec

  • SHA512

    99f1509e7730543be4d03e1139f111a08530fc21fe2b6acaf9da231d668128d46d7e3d7937c5ead98c19ec962d33e6b9ca2526e202cb77ea8b4343e3910aaca8

  • SSDEEP

    3072:epL8nGqMX80TJu0jdWHOAY/M1Yv4vZJC0GUyDq/dIi22g9HRsW4kpoQe7zsOsY3N:epYGqMX84DdyOAOc/GUyDquiBggHQczJ

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    lab

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      2940392a683880d056c8cd8227d44a1a307b42905df31a09872bb651c23fc110.exe

    • Size

      250KB

    • MD5

      aa716a47e1edf2eba2fa4039ab307da0

    • SHA1

      ec398c58775ff11f241b17b2c0561e156a44bc90

    • SHA256

      2940392a683880d056c8cd8227d44a1a307b42905df31a09872bb651c23fc110

    • SHA512

      4c7bc0a7a2c491c6efee8369bfd49cd6bdc66b8d5962d51f7d9e0c9d910dcb52ddab26a4bc26551a7647351ae6876f3edf7aed0e0f4a1c31928c24bec8271ad2

    • SSDEEP

      6144:S8T+GUkLLgUPCTqybV2NAG5g5ZdztRn7:xTUkL8UqTqyV2wb

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks