Analysis
-
max time kernel
150s -
max time network
67s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
12/04/2023, 23:06
General
-
Target
642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f.exe
-
Size
353KB
-
MD5
545e722f07e05fced4a4e8ebf8a61856
-
SHA1
c06135d530e0d4164f2515c54c9559bd336a1d4d
-
SHA256
642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f
-
SHA512
f3680e8f70d3f536205fd7974da542959fc0217daf762ee200105a6531b9c6527f4e556d86cb6210f2c13433f89d509b60347e0e6321b22f28a16688f940a2de
-
SSDEEP
6144:vDThCX/lTlILJQq1F6TpfrFfDBtVyb+hrwTCV+E:vDcv/ILJt1FCp9tpwTCVr
Malware Config
Extracted
smokeloader
pub2
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f.exe"C:\Users\Admin\AppData\Local\Temp\642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f.exe"C:\Users\Admin\AppData\Local\Temp\642bb1e7cedffeb47b39abdcc366b7a1136a2541bc47a9224283d458d30bc33f.exe"2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
88KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
16KB
-
Filesize
64KB
-
Filesize
16KB
-
Filesize
16KB