General

  • Target: 18bf796bed3dca32beeea437de1127e3.bin
  • Size: 164KB
  • Sample: 230329-bc36taeb52
  • MD5: 8230105a7e774f4c151a41ce70c6bc89
  • SHA1: 94793fdc21095288bc60e32b6620348a2a3d87f0
  • SHA256: 913b95c66796de70af3602ba28b2b902fb0c7e2c3e7245b516bd599d9adb962d
  • SHA512: 8a8c057353bdb7f2ec4cf79444984a3c9ce5f41b2728b43e1c76f36c202c6d0700f7dce49f892e49115d5b693c803dba1a2ebadc985cc51622e584aaac7f0b71
  • SSDEEP: 3072:85RlcHbIA+HHFePnOLxGbNqQrFn1Tw0apz1y7f9qajT1Vr68qbiH5qJbrwSJ+:86HbIArO1GbN3rd10XQJhjTPHiiWwSJ+

Malware Config

Extracted

  Family: smokeloader
  Botnet: pub4

Extracted

  Family: smokeloader
  Version: 2022
  C2:
    http://aapu.at/tmp/
    http://poudineh.com/tmp/
    http://firsttrusteedrx.ru/tmp/
    http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Targets

    • Target: e39d66d4711d41ca30da9a9d16376774b4d5a0f106fea8bc943b885da998e00f.exe
    • Size: 250KB
    • MD5: 18bf796bed3dca32beeea437de1127e3
    • SHA1: d0153f48dda4d62c6dba55955edd2eebef008e13
    • SHA256: e39d66d4711d41ca30da9a9d16376774b4d5a0f106fea8bc943b885da998e00f
    • SHA512: f65b3e99c195881a2d30664684cdb69117bde25d9b516ddfac7a0643b776beb6597e4a3b57a9e290441457ffe6e690e8b8119e30e7bde1a03ed58c08143bd00a
    • SSDEEP: 6144:Up4MCykkLckNafcRBInLTwpnGANKfD+EUBuO+:GeykkYkAUvI/XAsJUBup

    Signatures:

    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks