Overview

overview

10

Static

static

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    setup.exe

  • Size

    324KB

  • Sample

    230425-asxhjafd96

  • MD5

    ca80dc3fd1fb813184ea47a1a64a6e1c

  • SHA1

    3fe363ecbe89a2dbb292295a6b36f95566713dd1

  • SHA256

    6a85b446824f7c993777f28f87c60a4f00c338ec2f5220965b7e96dec6f34465

  • SHA512

    054a1251f680e40f9151d04e13f65f6f1b8f77539c729c6e7348d0d2f2e3357a1af4176abde31470a0ea98e4425655853e35b6e7340890cd7eb2284ae4f83cf1

  • SSDEEP

    6144:DgTADocTL6CUVT/O2ZSs62HuCBFNkywm/bc:DgT4FL6CUp22Is62XkETc

Score
10/10
smokeloaderpu10backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      setup.exe

    • Size

      324KB

    • MD5

      ca80dc3fd1fb813184ea47a1a64a6e1c

    • SHA1

      3fe363ecbe89a2dbb292295a6b36f95566713dd1

    • SHA256

      6a85b446824f7c993777f28f87c60a4f00c338ec2f5220965b7e96dec6f34465

    • SHA512

      054a1251f680e40f9151d04e13f65f6f1b8f77539c729c6e7348d0d2f2e3357a1af4176abde31470a0ea98e4425655853e35b6e7340890cd7eb2284ae4f83cf1

    • SSDEEP

      6144:DgTADocTL6CUVT/O2ZSs62HuCBFNkywm/bc:DgT4FL6CUp22Is62XkETc

    Score
    10/10
    smokeloaderpu10backdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks