Analysis
-
max time kernel
151s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
05-05-2023 18:26
General
-
Target
5b2962fec18c2e5a43e0daf66fbf0870292dd1dd7663f4bc302b36b731633f3a.exe
-
Size
240KB
-
MD5
2c63ff6ef951c90b13c7e956b25e6ba0
-
SHA1
4eb062b248164984b9a06fee5b453afe2cc497f1
-
SHA256
5b2962fec18c2e5a43e0daf66fbf0870292dd1dd7663f4bc302b36b731633f3a
-
SHA512
5ca2934276cd7dcf69d72136e20ea82a82c99321949e6a3b3c7b362717bf2915337216fbf39ded42081d8632c1e573514a4ef422602bab1df4d89cb5e9ebf81e
-
SSDEEP
3072:Tc/h9wTcdrDRHkOOFRsetodL69c0vgF9fo/m5prEaot1JbLbznvhqxD:4pKcZZk7Fsd+VIF9h5pwfk1
Malware Config
Extracted
smokeloader
2022
http://potunulit.org/
http://hutnilior.net/
http://bulimu55t.net/
http://soryytlic4.net/
http://novanosa5org.org/
http://nuljjjnuli.org/
http://tolilolihul.net/
http://somatoka51hub.net/
http://hujukui3.net/
http://bukubuka1.net/
http://golilopaster.org/
http://newzelannd66.org/
http://otriluyttn.org/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b2962fec18c2e5a43e0daf66fbf0870292dd1dd7663f4bc302b36b731633f3a.exe"C:\Users\Admin\AppData\Local\Temp\5b2962fec18c2e5a43e0daf66fbf0870292dd1dd7663f4bc302b36b731633f3a.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
2.7MB
-
Filesize
88KB